Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ClawGuard
v0.1.5
Install and configure the ClawGuard security plugin - an LLM-as-a-Judge guardrail that detects and blocks risky tool calls
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The name and description (an LLM-as-a-Judge guardrail) match the instructions: enabling the chat completions endpoint and installing an OpenClaw plugin that inspects tool calls and queries your configured LLM. Nothing requested in the SKILL.md appears unrelated to that purpose.
Instruction Scope
Instructions stay on task: enable gateway endpoint, install plugin via openclaw, restart gateway, and configure options. They do instruct checking the gateway token (env var OPENCLAW_GATEWAY_TOKEN) and reading ~/.openclaw/openclaw.json for token mismatch — both are directly relevant to connecting to the local gateway and troubleshooting authentication.
Install Mechanism
The skill is instruction-only (no packaged install spec in the registry) and tells the user to install @capsulesecurity/clawguard from npm via the openclaw plugin manager. Installing an npm package pulls third‑party code from the registry — a moderately risky supply‑chain action that is expected for this use but should be reviewed before installation.
Credentials
The skill does not declare required env vars, but the runtime guidance legitimately references OPENCLAW_GATEWAY_TOKEN and the gateway config file to diagnose 401 errors. Those accesses are proportional to operating the plugin.
Persistence & Privilege
No special persistence flags (always:false). The plugin runs inside OpenClaw after installation; the skill does not request system-wide config changes beyond enabling the chat completions endpoint and plugin configuration. Autonomous invocation by the agent is the platform default and not a unique concern here.
Assessment
This instruction-only skill directs you to install a third‑party npm plugin that will inspect and (by default) log and possibly block tool calls. Before installing:
1) Verify the npm package and its publisher (review the package page and the linked GitHub repo, check recent releases and maintainers).
2) Inspect the plugin source or release tarball if possible to confirm no unexpected behavior.
3) Note defaults: logToolCalls=true and metricsEnabled=true — consider disabling metrics and enabling log-only mode (blockOnRisk=false) initially to avoid unintended data sharing or blocking.
4) Run installation and testing in a staging or isolated environment first, and ensure the gateway token is managed securely (do not paste tokens into public logs).
5) If you need higher assurance, obtain a checksum/signature for the npm package or vendor-signed release before deploying in production.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🛡️ Clawdis
