ClawGuard-Checker
v3.0.0
ClawGuard Security Checker v3 - Advanced configuration analysis, runtime integrity verification, permission modeling, and one-click hardening recommendations
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (ClawGuard security checker) align with the included files (cli.js, src/checker.js), SKILL.md, and package.json. The code implements configuration, credential, network, and sandbox checks as described; no unrelated cloud credentials, binaries, or opaque external services are requested.
Instruction Scope
SKILL.md and the CLI direct the agent to read the OpenClaw config (~/.openclaw/openclaw.json), inspect config-related files, search for exposed secrets, check permissions (including SSH keys), and optionally run a deep check. Those actions are expected for a security auditor, but the 'search for exposed secrets' / 'deep' modes are somewhat open-ended and could read additional files (logs, .env files, etc.). Users should be aware deep mode may access other local files and keys.
Install Mechanism
No install spec that downloads remote archives or runs installers; package is distributed as source files (cli.js, src/checker.js, package.json) with no external dependencies. This minimizes install risk.
Credentials
The skill does not request environment variables, credentials, or external tokens. It inspects local configuration and files only, which is proportionate to its stated purpose. There are no unrelated secrets requested.
Persistence & Privilege
always: false and no special persistence or system-wide configuration changes are requested. The skill can be invoked autonomously by the agent by default (platform standard), but it does not request elevated privileges or permanent inclusion.
Assessment
This skill appears to be a legitimate local OpenClaw configuration and hardening checker. Before running: (1) review the code (especially the deep-check path) if you are cautious about what files will be read; (2) run without --deep and without --fix first to see the report; (3) do not run as root; run as the user who owns the OpenClaw config; (4) back up your config before applying any generated hardened config; (5) if you use the agent's autonomous invocation, be aware the README suggests auto-trigger phrases that could make the agent run checks when asked; limit that if you don't want automatic scans. Overall, the skill is coherent with its stated purpose.
Like a lobster shell, security has layers — review code before you run it.
latest: vk974xftm8spqxky6zp2wbv57ts846mmh
