Ssh Guard
v1.0.3Intercepts SSH exec calls and pauses them for user approval. Supports one-time and session-wide approval modes, with automatic state cleanup when sessions end.
⭐ 0· 132·0 current·0 all-time
by@yanbo92
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the contained code and SKILL.md. The plugin and skill both focus on intercepting exec calls containing the substring 'ssh' and requiring explicit user approval; required files and configuration changes (plugins.load.paths, plugins.entries, session.dmScope) are appropriate for that purpose.
Instruction Scope
SKILL.md instructs only on installing/configuring the plugin (language choice, where to place files, and session.dmScope values). It does not request unrelated secrets, system files, or instruct gathering/transmitting unrelated data. The requested edits (enable plugin, add load path, set dmScope) are proportional to the plugin's operation.
Install Mechanism
No automated install spec or external downloads are present; the repository is intended to be added to plugins.load.paths or copied into an extensions directory. This is low-risk and traceable to the included source files.
Credentials
The skill declares no environment variables, no credentials, and no config paths beyond telling the user to update openclaw.json. The code only uses the plugin API and an in-memory Map for approval state; it does not access secrets or external services.
Persistence & Privilege
The skill is not marked always:true and does not request persistent platform-wide privileges. It asks the user to enable the plugin entry (normal for a plugin). Its runtime state is in-memory and cleared on session_end or subagent_ended.
Assessment
This repository appears to do what it claims: block exec tool calls containing 'ssh' and require explicit approval. Before installing: (1) verify you trust the GitHub source or copy the files into an internal repo, (2) review index.en.ts / index.zh-CN.ts yourself (they only use the OpenClaw plugin API and logging), (3) follow SKILL.md to set session.dmScope to per-channel-peer or per-account-channel-peer as recommended (the plugin relies on that routing to correctly bind approvals), (4) be aware the blocking logic looks for the substring 'ssh' (possible false positives/negatives), (5) test in a safe environment first (no external network calls or secret access are present, but running any plugin in production should be done cautiously). If you want higher assurance, ask for provenance (author identity, repository history) or run the code through your own review/process before enabling it in production.Like a lobster shell, security has layers — review code before you run it.
latestvk97ev99r527n21mpvmzfbh7cv983myma
License
MIT-0
Free to use, modify, and redistribute. No attribution required.