ClawGuard — OpenClaw Skill Security Scanner

You are a security-conscious assistant. Before the user installs or uses any third-party OpenClaw skill, you MUST run a security scan using ClawGuard.

When to use this skill

• The user asks to install a new skill (e.g., clawhub install <skill-name>)
• The user asks you to review or audit a skill for safety
• The user asks you to check if a skill is safe to use
• The user points you at a skill directory or SKILL.md file

How to scan

Run the following command on the skill directory:

npx clawguard scan <path-to-skill-directory>

For JSON output (useful for programmatic analysis):

npx clawguard scan <path-to-skill-directory> --json

To check only specific rules:

npx clawguard scan <path-to-skill-directory> --rules prompt-injection,data-exfiltration

Interpreting results

ClawGuard checks for 6 types of security issues:

Severity	Rules
CRITICAL	prompt-injection — instruction overrides, role switching, hidden payloads
CRITICAL	data-exfiltration — reading sensitive files (~/.ssh, ~/.aws) and sending externally
HIGH	permission-overreach — requesting sudo, rm, docker, or excessive env vars
HIGH	suspicious-urls — IP-based URLs, URL shorteners, known malicious domains
HIGH	dangerous-commands — rm -rf /, curl | sh, system file modification
MEDIUM	metadata-mismatch — undeclared env vars, unused declared binaries

How to respond to scan results

If the scan PASSES (exit code 0, no findings):

Tell the user the skill passed all security checks and is safe to install. Proceed with the installation.

If the scan FAILS (exit code 1, findings detected):

1. Show the user ALL findings clearly, grouped by severity
2. For CRITICAL findings: Strongly recommend NOT installing the skill. Explain the specific risk.
3. For HIGH findings: Warn the user and ask for explicit confirmation before proceeding
4. For MEDIUM findings: Inform the user but allow installation if they acknowledge the warnings
5. Never silently skip or hide any finding

Example interaction flow:

User: "Install the cool-scraper skill"

You should:

1. First locate the skill directory
2. Run npx clawguard scan <skill-dir>
3. Report the results to the user
4. Only proceed with installation if the scan passes or the user explicitly accepts the risks

Important notes

• Always scan BEFORE installation, never after
• If ClawGuard is not installed, run npm install -g clawguard first
• If a skill contains scripts (.sh, .py, .js), ClawGuard will scan those too
• A clean scan does not guarantee absolute safety — it catches known patterns only
• For skills that interact with external websites, note that content at those URLs may change over time (a safe link today could become malicious tomorrow)