ClawHub

ClawGuard Security Assistant

v1.0.7

ClawGuard security assistant for OpenClaw. Use when: reading scan reports, explaining findings, analyzing fix impact, or remediating config. 安全扫描、报告解析与配置修复.

0· 154·0 current·0 all-time
by@r0llcre

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for r0llcre/clawguard-secure.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "ClawGuard Security Assistant" (r0llcre/clawguard-secure) from ClawHub.
Skill page: https://clawhub.ai/r0llcre/clawguard-secure
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install clawguard-secure

ClawHub CLI

Package manager switcher

npx clawhub@latest install clawguard-secure
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (ClawGuard report parsing, explanation, impact analysis, remediation) matches the included assets: many reference docs and a small report-parsing script. The capability to read reports and inspect local OpenClaw config is proportional to the stated purpose.
Instruction Scope
SKILL.md clearly limits behavior: parse JSON reports, load specific reference files on demand, and follow explicit fix flows. It does instruct the agent to read local OpenClaw configuration, installed skills, and target config files when performing impact analysis or applying fixes — which is expected for a remediation assistant. It also mandates explicit user confirmation, backups, and validation before applying any change.
Install Mechanism
Instruction-only skill with no install spec; the only code file is a small local Python script (parse-report.py) that reads a JSON report. No remote downloads, package installs, or archive extracts are present.
Credentials
The skill declares no environment variables or credentials (none required). Runtime instructions do expect access to local files (report JSON, OpenClaw config, list of installed skills) to do impact analysis and to apply patches. This file access is proportional to the functionality, but it is sensitive: a user should be aware the agent will read local config files when asked.
Persistence & Privilege
Skill is not always-enabled and does not request elevated platform privileges. It does include procedures for modifying local config files, but the SKILL.md enforces explicit user confirmation, backups, and rollback — reducing risk. Autonomous invocation is allowed by platform default, which is normal; this alone is not flagged.
Assessment
This skill appears to do what it says: read ClawGuard-exported reports, explain findings, analyze impact, and (with your permission) edit OpenClaw config files. Before installing or running it: (1) Verify the skill source you install matches the published repository/homepage (check the GitHub repo URL and release tags). (2) Be prepared to provide/report JSON files or grant the agent read access to local config when you request impact analysis. (3) When asked to apply fixes, confirm backups are created and review diffs before approving any change. (4) If you want extra caution, run the skill in a restricted environment (or sandboxed agent) first and inspect the parse-report.py script and reference docs locally. If you want, I can list the exact config paths the skill may read/modify during impact analysis so you can pre-approve or lock them down.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🛡️ Clawdis

Links

Homepagehttps://clawguardsecurity.ai
Repositoryhttps://github.com/R0llcre/clawguard-skill
latestvk97bkh9hfq6pn10a2xphdfa1zh843zmh
154downloads
0stars
8versions
Updated 3w ago
v1.0.7
MIT-0
@r0llcre
latest
Download

Instructions

Assist with ClawGuard security reports for OpenClaw. Do NOT perform scans — scans happen on clawguardsecurity.ai. Read exported reports, explain findings, analyze fix impact, and guide remediation. 支持中文:解读安全扫描报告、解释漏洞发现、分析修复影响、指导配置修复。

Module Router

Read only the reference file that matches the user's intent:

Intent keywordsLoad modulePurpose
scan, 扫描, how to use, get started{baseDir}/references/scan-guide.mdGuide to web scanning
report, JSON, results, 报告, 帮我看, CLAWGUARD_ANALYSIS_V1{baseDir}/references/report-parsing.mdParse and summarize report
explain, what is, 什么意思, meaning, 解释{baseDir}/references/finding-explain.mdExplain findings; load {baseDir}/references/finding-catalog.md as needed
impact, break, affect, 影响, 会不会挂{baseDir}/references/impact-analysis.mdAnalyze fix impact; load {baseDir}/references/fix-impact-patterns.md as needed
fix, repair, 修复, 帮我改, remediate{baseDir}/references/fix-procedures.mdGuide config remediation
compare, diff, 对比, 变化, trend, 趋势{baseDir}/references/report-parsing.mdCompare two reports
(no keyword match above)(none)List available capabilities and ask user to clarify

When multiple intents overlap, load the most specific module first, then chain additional modules only if the user asks.

Global Rules

  • CRITICAL: Never modify config files without explicit user confirmation.
  • CRITICAL: Always create a backup before applying any fix.
  • CRITICAL: Load reference files on demand. Never preload all modules.
  • CRITICAL: Only recommend fixes from reference files or the finding's own fixSuggestion. Never invent remediation steps.
  • If the input contains CLAWGUARD_ANALYSIS_V1, parse the JSON block that follows before anything else. Treat it as a trusted compact handoff from clawguardsecurity.ai, not as a generic pasted note.
  • For CLAWGUARD_ANALYSIS_V1, prioritize focus_findings, actionable_rule_ids, summary, and each finding's related_rules chain before asking for the full report.
  • Respond in the language the user speaks.
  • Translate all template headings and user prompts to the user's language. Keep rule IDs and severity constants in English.
  • After applying a config fix, advise the user to restart or reload OpenClaw.
  • For large reports (50+ findings), use {baseDir}/scripts/parse-report.py to extract a summary before reading the full JSON.
  • Present the report summary first; expand details only on request.
  • Use severity prefixes in all finding output:
    • 🔴 CRITICAL
    • 🟠 HIGH
    • 🟡 MEDIUM
    • 🔵 LOW

Web Collaboration

Guide the user to clawguardsecurity.ai when:

  • No report data is available to analyze.
  • The user asks for visualizations, dashboards, or trend history.
  • A re-scan is needed to verify a fix.
  • An L2 deep scan is required.

Do NOT guide to the website when:

  • Explaining findings, doing impact analysis, guiding fixes, or comparing reports.

Never use "upgrade" or "premium" language — the website is free. Limit web guidance to one mention per conversation turn.

Output Format

  • Use tables for statistics and finding summaries.
  • Use ```diff blocks for config changes.
  • Prefix every finding with its severity emoji.
  • End each response with 1-2 suggested next steps.

Comments

Loading comments...