ClawHub

wip file guard v2

Blocks destructive writes and large line removals on protected identity files like CLAUDE.md and IDENTITY.md to safeguard critical data.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 17 · 0 current installs · 0 all-time installs
by@stavc
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The guard logic in guard.mjs matches the description: it inspects PreToolUse JSON on stdin, blocks Write on exact protected filenames, and blocks Edit when large net line removals or large replacements occur. No unrelated binaries, credentials, or system access are requested. However, metadata is inconsistent: SKILL.md, package.json, openclaw.plugin.json, and the registry manifest show different version numbers; SKILL.md and guard.mjs require Node.js but the registry 'Required binaries' section lists none. These are quality/packaging issues (not direct security malice) that you should resolve before trusting an install.
Instruction Scope
SKILL.md instructs adding guard.mjs as a PreToolUse hook and shows CLI/testing usage. The runtime instructions only read stdin JSON and use existsSync/readFileSync for package.json when answering --version. The skill does not instruct reading unrelated system files, accessing env vars, or sending data externally.
Install Mechanism
The registry lists no install spec, but SKILL.md advertises an npm package (@wipcomputer/wip-file-guard) and provides manual copy instructions. No high-risk download URLs or archive extraction are present in the repo. This mismatch (no declared install vs. npm packaging mentioned) is a packaging/registry inconsistency to verify.
Credentials
The skill requests no environment variables or credentials and the code does not attempt to read them. It only relies on Node.js being present and on filesystem checks (existsSync). This is proportional to its stated purpose.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It defines a lifecycle hook (openclaw.plugin.json) to run before tool use — that is expected for a file-guard plugin. It does not attempt to modify other skills or global agent config beyond registering itself as a lifecycle hook (normal behavior).
Assessment
This code appears to do what it claims: protect named identity files from destructive writes and large removals. Before installing: 1) Verify the package source (npm package and GitHub repo) and ensure versions line up — the metadata files show inconsistent versions. 2) Confirm the license you need (README lists MIT for CLI but AGPL for hosted use). 3) Install the hook in a controlled location (e.g., ~/.ldm/extensions or ~/.openclaw/extensions) and run the bundled tests (bash test.sh) to confirm behavior in your environment. 4) Review the guard.mjs source yourself (it’s short and readable) to ensure the deny messages and thresholds match your workflow. 5) If you plan to install via npm, prefer the official package name shown in package.json and verify its integrity (checksums/signature) if possible. The inconsistencies are packaging/metadata quality issues — not indicators of covert exfiltration or unrelated privilege requests — but you should resolve them before trusting the skill in a production agent.

Like a lobster shell, security has layers — review code before you run it.

Current versionv2.0.1
Download zip
latestvk979absagmevjq3fkdnhyn9st583y3tc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

wip-file-guard - StaJ

Hook that blocks destructive edits to protected identity files. For Claude Code CLI and OpenClaw.

When to Use This Skill

Use wip-file-guard for:

  • Protecting CLAUDE.md, SOUL.md, IDENTITY.md, MEMORY.md, and other identity files from being overwritten
  • Blocking AI agents from replacing file content instead of extending it
  • Surviving context compaction (behavioral rules get erased, but hooks don't)

This is a technical guardrail, not a prompt. It blocks the operation before it happens.

Do NOT Use For

  • Protecting binary files or images
  • Blocking all edits (it allows small edits, only blocks destructive ones)
  • Repos without identity files

How It Works

Two rules:

  1. Write is blocked on protected files. Always. Use Edit instead.
  2. Edit is blocked when it removes more than 2 net lines from a protected file.

Protected Files

CLAUDE.md, SHARED-CONTEXT.md, SOUL.md, IDENTITY.md, CONTEXT.md, TOOLS.md, MEMORY.md

Protected Patterns

Any file matching: memory, memories, journal, diary, daily log

API Reference

CLI

node guard.mjs --list          # list protected files
bash test.sh                   # run test suite

Claude Code Hook

Add to ~/.claude/settings.json:

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Edit|Write",
        "hooks": [
          {
            "type": "command",
            "command": "node \"/path/to/wip-file-guard/guard.mjs\"",
            "timeout": 5
          }
        ]
      }
    ]
  }
}

Troubleshooting

Agent keeps trying to Write

The deny message tells the agent to re-read the file and use Edit instead. If the agent ignores it, it's likely post-compaction and has lost context. The hook will keep blocking.

Edit blocked unexpectedly

Check the net line removal. Edits that remove more than 2 lines from a protected file are blocked. Small edits (adding or replacing 1-2 lines) are allowed.

Files

9 total
Select a file
Select a file to preview.

Comments

Loading comments…