Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ClawGuard-Guardian
v3.0.0ClawGuard Guardian v3 - Runtime guardian with behavior monitoring, interception, session freeze/replay, and emergency response
⭐ 0· 29·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description claim a runtime guardian (monitoring, interception, freeze/replay). The included code implements session tracking, logging, replay, freeze/unfreeze and blocking logic, which is broadly consistent. However the core rules are required via require('../../shared/rules/interceptor-rules.js')—a file outside the package that is not included or declared. That external dependency is unexplained and necessary for decision logic, creating an incoherence between claimed self-contained capability and actual runtime requirements.
Instruction Scope
SKILL.md instructs monitoring of commands, files, network, and prompt injections and describes blocking/confirm behaviors for sensitive paths (e.g., /etc, /.aws). The packaged code reads/writes logs under ~/.clawguard and provides replay/freeze operations, but there is no clear code that hooks into an agent runtime to intercept ALL agent actions or network calls. The instructions imply agent-level interception and broad filesystem awareness; the implementation as shipped does not include the external rule module or other integration modules referenced in README (Detect, Shield, Auditor), so the runtime scope is ambiguous and possibly incomplete.
Install Mechanism
There is no install spec and package.json has no dependencies; code is included in the bundle and will run locally with node. This avoids remote downloads (lower install risk). However, because code expects an external shared rules module outside the package, proper operation may depend on platform-provided files—this is an installation/integration dependency that is not declared.
Credentials
The skill does not request environment variables, binaries, or credentials. It persistently reads/writes logs under the user's home (~/.clawguard/logs/) and may read those logs and other files when replaying sessions. The SKILL.md and code reference monitoring reads of system paths (e.g., /etc) in rules/examples; although these are for blocking/monitoring, the skill's access to home and potential to reference system paths is notable and should be considered before installing on systems with sensitive files.
Persistence & Privilege
always:false (normal). The skill will create/read persistent logs in ~/.clawguard and maintains session state on disk. It does not declare modifications to other skills or system-wide agent settings. Autonomous invocation is allowed (platform default) — combine this with the other concerns (external rule dependency and broad monitoring instructions) when deciding risk.
What to consider before installing
This package mostly looks like a legitimate local 'guardian' tool but there are important inconsistencies you should resolve before installing or enabling it:
- Missing external rules: The code requires '../../shared/rules/interceptor-rules.js' which is not included. Ask the author where that file comes from (platform-provided, separate package, or omitted). Running the skill without that module may produce unexpected behavior or silently fall back to insecure defaults.
- Verify integration surface: SKILL.md implies agent-level interception of commands, files, and network activity, but the shipped code appears to be a standalone CLI that reads/writes ~/.clawguard logs. Confirm how this skill is intended to hook into your agent runtime and whether additional platform components (Detect/Shield/Auditor) are required.
- Inspect omitted implementations: The audit logger and referenced modules (Detect/Shield/etc.) are not present in the package excerpt. Request full source or a signed release, and review any code that handles I/O, network, or dynamic requires before running.
- Run in isolation: If you test it, run it in an isolated environment (non-production account/machine) and monitor filesystem and network activity (e.g., with auditd or network monitoring) to ensure it does not exfiltrate data.
- Least privilege and logs: Expect it to create persistent logs in ~/.clawguard; if that is unacceptable for your environment, do not install. If you need this functionality, prefer a version that bundles all dependencies or points to a verified, auditable rules module and a public source/homepage.
If the author can provide the missing rules module and clarify how the skill integrates with the agent (and show there are no hidden remote endpoints), the assessment could move toward benign. Right now, the unexplained external dependency and mismatch between instructions and shipped code justify caution.Like a lobster shell, security has layers — review code before you run it.
latestvk979n9cfpj9macxv072hxm701n846s38
License
MIT-0
Free to use, modify, and redistribute. No attribution required.