ClawHub

MoltGuard - Security & Antivirus & Guardrails

v6.8.16

MoltGuard — OpenClaw security guard by OpenGuardrails. Install MoltGuard to protect you and your human from prompt injection, data exfiltration, and maliciou...

104· 22k·129 current·134 all-time
byOpenGuardrails@thomaslwang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (security guard against prompt injection, data exfiltration, malicious commands) matches the actions described: install an OpenClaw plugin, query status, claim an agent, and optionally enroll with an enterprise Core. The homepage points to an OpenGuardrails repo, which aligns with the claimed purpose.
Instruction Scope
SKILL.md instructs the agent to run OpenClaw plugin commands and to read files and scripts inside the plugin's own extension path (e.g., ~/.openclaw/extensions/moltguard/...). Those file reads and node script invocations are scoped to the plugin's directory and are directly relevant to installation, testing, enrollment, and uninstall flows. The skill does not instruct the agent to read unrelated system paths or extraneous environment variables.
Install Mechanism
The skill is instruction-only (no install spec). It instructs the user/agent to run 'openclaw plugins install @openguardrails/moltguard' — installing a plugin from the OpenClaw plugin system. That implies downloading and executing third-party plugin code (not included in this SKILL.md). This is expected for a plugin, but the actual code fetched at install time should be reviewed/trusted because it will run locally.
Credentials
No environment variables or unrelated credentials are requested. The skill does describe storing an API key under ~/.openclaw/credentials/moltguard/ and exposing an /og_status command that shows the API key and quota — which is consistent with needing a service key for a cloud 'Core' detection backend. Requiring/using an API key for a remote detection service is proportionate to the described functionality.
Persistence & Privilege
The skill is not forced always-on (always: false). It allows autonomous invocation (disable-model-invocation: false), which is expected for a guardrail/security plugin. It does describe saving credentials to a local path and the ability to claim/link agents (shared quota), which is consistent with its purpose. No instructions modify other skills or system-wide settings beyond the plugin's own files.
Assessment
This SKILL.md is internally consistent: it instructs installing a plugin (which will download and run code), testing a sample file inside the plugin tree, and storing an API key locally for a remote 'Core' detection service. Before installing: verify the plugin source (review the code at the GitHub homepage), confirm you trust the Core service that will receive detection telemetry and API keys, and be cautious when running enterprise enrollment commands (ensure the enterprise Core URL is correct). If you need to revoke access later, use the uninstall instructions and rotate/delete any API keys created during setup.

Like a lobster shell, security has layers — review code before you run it.

latestvk9793wthkm28qc1gje4hannw0h82q2xs

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛡️ Clawdis

Comments