OpenClaw Shield
v1.0.3Enterprise AI security scanner using static analysis, runtime guards, and ClamAV to detect credential theft, data leaks, malware, and ensure audit logging.
⭐ 2· 3.2k·35 current·37 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md describes an enterprise scanner with ClamAV integration, Telegram alerting, hash-chained logs, and runtime guards, but the skill package contains no scanner code and declares no required credentials. Features like Telegram alerts and ClamAV integration imply external configuration/credentials that are not requested or documented in the skill metadata. The claim that the tool is already 'Deployed' on this instance is inconsistent with an instruction-only skill that contains no runnable code.
Instruction Scope
Runtime instructions explicitly tell the agent to git clone https://github.com/pfaria32/OpenClaw-Shield-Security into /home/node/.openclaw/workspace and run python3 projects/OpenClaw-Shield/src/scanner.py on arbitrary paths. That requires the agent to fetch and execute third-party code and to read files/paths provided for scanning (which may include sensitive locations such as workspace, home, or system config). The SKILL.md also suggests configuring cron jobs and enabling runtime guards — operations that change system state outside the skill's sandbox.
Install Mechanism
There is no formal install spec in the skill bundle; instead SKILL.md instructs cloning an external GitHub repository and running its Python scripts. Pulling and executing code from an external repo is a common installation pattern but is higher risk than an instruction-only skill that uses only packaged code. The referenced repo and owner are not verified by the skill metadata, creating supply-chain risk.
Credentials
The skill declares no required environment variables or credentials, yet mentions integrations (Telegram alerts, ClamAV) and may require tokens/keys or host-level services to function. The scanner itself will read files to detect secrets (e.g., ~/.ssh, ~/.aws), meaning it needs filesystem access; the absence of any declared required env/config is disproportionate and leaves unclear how alerting/configuration credentials are provided.
Persistence & Privilege
The instructions recommend creating daily cron jobs and deploying runtime guard components (openclaw-config.py). Those steps would give the scanner ongoing persistence and modify system configuration. The skill metadata does not declare always: true, but the SKILL.md’s suggested cron and deployment actions create persistence outside the platform's skill controls — the skill should explicitly document and require authorization for such changes.
Scan Findings in Context
[no-regex-findings] expected: The static regex scanner reported nothing because the published skill bundle contains no code files to analyze (only README, SECURITY.md, SKILL.md). This absence of findings is expected for an instruction-only skill but means the real surface (the external GitHub repo the instructions point to) was not scanned.
What to consider before installing
This skill is an instruction-only wrapper that tells you to git clone and run a third-party repository. Before installing or running it: (1) review the referenced GitHub repository and its commit history yourself — do not blindly run scripts; (2) verify exactly what credentials/host services are required for Telegram/ClamAV/alerts and avoid providing tokens until you trust the code; (3) run the scanner in an isolated environment (container or sandbox) first, not on production hosts or with root privileges; (4) be cautious about enabling cron jobs or runtime guards that change system state — require explicit review and authorization; (5) ask the skill author to declare required env vars, describe what system paths will be read, and provide cryptographic verification (signed releases or checksums) for the repository. Because of the inconsistencies between claims and what's packaged, treat this skill as potentially risky until the above checks are completed.Like a lobster shell, security has layers — review code before you run it.
auditvk97eh2y3xhgjcykq1r629f69x58133t6enterprisevk97eh2y3xhgjcykq1r629f69x58133t6latestvk97eh2y3xhgjcykq1r629f69x58133t6scannervk97eh2y3xhgjcykq1r629f69x58133t6securityvk97eh2y3xhgjcykq1r629f69x58133t6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.