Shoofly Basic
v1.3.0Real-time security monitor for AI agents. Watches every tool call, flags threats, and alerts you before damage is done. Works with OpenClaw and Claude Code....
⭐ 1· 181·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (real-time monitor that flags tool calls) align with the included SKILL.md and the helper script. Required binaries (jq, curl) are reasonable for parsing JSON and sending HTTP requests/notifications. No unrelated credentials, installs, or surprising binaries are requested.
Instruction Scope
Instructions require the agent to capture tool name, arguments, and outputs and append them (JSONL) to ~/.shoofly/logs/alerts.log and to run pattern checks on the content. That is consistent with monitoring, but it means potentially sensitive data (secrets, API keys, full tool outputs) will be recorded unencrypted on disk and may be sent to configured channels. The instructions do not instruct reading unrelated system files, but they do read agent config (~/.shoofly/config.json) and offer to inspect ~/.openclaw/openclaw.json for channel discovery.
Install Mechanism
No install spec; this is instruction + a small bash helper included in the bundle. No downloads or archive extraction. The ship contains a single shell script whose behavior is visible and straightforward.
Credentials
The skill requests no environment variables and only requires jq/curl. It does read user config files (~/.shoofly/config.json and ~/.openclaw/openclaw.json) and may use tokens found there (telegram.bot_token, etc.) to deliver messages — which is consistent with its notification role but means those credential-containing configs will be read and used if present. The script takes precautions (mkdir, chmod 700, refuse symlink) but will still cause data to traverse configured channels.
Persistence & Privilege
The skill is not always:true, does not request system-wide config changes, and only writes to its own ~/.shoofly/ directory. It does read other agent config (~/.openclaw/) for channel discovery, which is reasonable for a notifier but worth noting. It does not autonomously block actions (explicitly passive).
Assessment
This skill appears to do what it says: passively monitor tool calls, run pattern checks, log results to ~/.shoofly/logs/alerts.log, and notify via configured channels. Before installing, review and consider: 1) Logs will include full tool arguments and outputs — these can contain secrets; ensure the log file location and permissions are acceptable or modify the SKILL to redact sensitive fields. 2) The notifier will read ~/.shoofly/config.json and ~/.openclaw/openclaw.json and may use any notification tokens found there (e.g., Telegram bot token) to send alerts — verify those configs and tokens before enabling. 3) The script tries to send alerts through the user's configured channels (openclaw, Telegram, WhatsApp) which will cause data to leave the machine if those channels are configured. 4) The skill is passive (does not block), so you should still enforce guardrails for high-risk actions. If you want stronger guarantees, consider removing sensitive channels or ensuring logs are encrypted/ACL-restricted, and inspect ~/.shoofly/config.json and ~/.openclaw/openclaw.json to confirm what will be used for delivery.Like a lobster shell, security has layers — review code before you run it.
agent-safetyvk970nxp10nx9s7qmcnj5pbyazn83fxzedata-exfiltrationvk970nxp10nx9s7qmcnj5pbyazn83fxzejailbreak-detectionvk970nxp10nx9s7qmcnj5pbyazn83fxzelatestvk9728ymqr0xaszb1ecpbnj1pk983s7k3monitoringvk970nxp10nx9s7qmcnj5pbyazn83fxzeopenclawvk970nxp10nx9s7qmcnj5pbyazn83fxzeprompt-injectionvk970nxp10nx9s7qmcnj5pbyazn83fxzeruntime-securityvk970nxp10nx9s7qmcnj5pbyazn83fxzesecurityvk970nxp10nx9s7qmcnj5pbyazn83fxzetool-monitoringvk970nxp10nx9s7qmcnj5pbyazn83fxze
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🪰 Clawdis
Binsjq, curl