Skill Blocker - 安全守卫
WarnAudited by ClawScan on May 10, 2026.
Overview
This is a prompt-only safety skill, but it asks the agent to broadly block actions, persist logs, and modify OpenClaw skill/config files in ways that could disrupt the user’s environment.
Install only if you want an aggressive prompt-level blocker. Before using it, require explicit confirmation for any action that disables skills or edits OpenClaw configuration, and be aware that its logging instructions may persist sensitive command or task details.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A false positive could disable installed skills, change future agent behavior, or corrupt configuration, requiring manual cleanup.
The skill tells the agent to mutate installed skill directories and global OpenClaw configuration based on broad risk-pattern matching. This is high-impact environment control, and the artifact does not clearly require explicit user approval before these persistent changes.
如果技能匹配 **高** 或 **⛔ 极端** 模式: ... `mv ~/.openclaw/skills/danger-skill ~/.openclaw/skills/danger-skill.DISABLED` ... `echo '{"blocked_skills": ["danger-skill"]}' >> ~/.openclaw/config/global-blocklist.json`Require explicit user confirmation before renaming skills or editing global config, provide a dry-run and backup/rollback path, and avoid appending raw JSON to configuration files.
The agent may refuse, delay, or alter normal tasks even when the user intended a safe operation.
The skill instructs the agent to interpose on all tool or command use and to block actions based on uncertainty. That matches the security theme, but it is broad enough to override legitimate user-directed work without a bounded review process.
在执行任何工具/命令之前,首先扫描是否有阻止模式。 ... **要 paranoid** - 如果觉得不对,就假设是坏的。 ... **不确定时就阻止。**
Limit automatic blocking to clearly defined dangerous patterns, and use confirmation or explanation-only warnings for ambiguous cases.
Sensitive user requests or command details could remain in memory/log files and influence or be exposed in future sessions.
The skill directs persistent logging of blocked operations and the user's original intent. Blocked operations may involve sensitive commands, file paths, credentials, or private task details, but the artifact gives no redaction, retention, or access-control guidance.
审计轨迹。记录所有内容以便后续审查。 ... 将阻止事件记录到 `memory/blocked-operations.log`: { "intent": "[用户的原始请求是什么]", "blocked_by": "skill-blocker" }Log only minimal metadata, redact secrets and private paths, ask the user before storing detailed logs, and define retention/cleanup behavior.
A user may believe dangerous actions are technically prevented when they are only discouraged by instructions to the agent.
The supplied artifacts show no implementation code, but the skill wording implies hard-coded or automatic enforcement. Users may over-trust the protection even though it is only prompt-level guidance.
metadata: "No code files present — this is an instruction-only skill."; SKILL.md: "以下工具类别被**硬编码封锁**" and "Automatically detects and blocks patterns"
Describe the skill as advisory or prompt-level unless an actual enforcement mechanism is included, and clearly state its limits.