Claw Gatekeeper

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: claw-gatekeeper
Version: 0.1.0

The claw-gatekeeper bundle is a comprehensive security framework designed to provide 'Human-in-the-Loop' oversight for OpenClaw agents. It features a sophisticated risk assessment engine (risk_engine.py) that identifies dangerous shell commands, sensitive file access, and suspicious network requests using extensive regex patterns. The system enforces mandatory user confirmation for high-risk actions while providing session-based auto-approval for lower risks to mitigate alert fatigue. All components, including the audit logger (audit_log.py), session manager (session_manager.py), and data sanitizer (sanitizer.sh), are logically aligned with its stated purpose of hardening agent security and lack any indicators of malicious intent or data exfiltration.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

After one approval, the agent may continue with other risky shell, install, or network actions without asking again during that session.

Why it was flagged

The skill can let one user approval cover additional high-impact operations during the session, but the artifacts do not clearly define how narrowly 'similar' operations are matched.

Skill content

HIGH risk: "Executing shell commands", "Installing skills from external sources", "Network requests to external domains" ... "[s] Allow for this session ⭐ RECOMMENDED" ... "Similar HIGH risk operations will be auto-approved"

Recommendation

Use per-action approval for HIGH-risk categories unless the matching rules are narrowly defined and reviewed; avoid session approval for shell execution, external installs, and network transfers.

What this means

A user may install and persist a broad control layer without carefully reviewing what it changes.

Why it was flagged

The documentation encourages delegating installation of a persistent security-control skill to an agent and discourages human setup review.

Skill content

"Copy and paste this prompt to your LLM agent" ... "Make it a persistent skill" ... "seriously, let an agent do it. Humans fat-finger configs."

Recommendation

Do not delegate persistent security-tool installation blindly; read the install commands, verify the source, and approve each setup step yourself.

What this means

If the upstream release changes or is compromised, the installed persistent skill could differ from what was reviewed here.

Why it was flagged

The documented install path pulls an unpinned latest release from GitHub before persisting the skill.

Skill content

curl -L -o claw-gatekeeper.skill https://github.com/stephenlzc/claw-gatekeeper/releases/latest/download/claw-guardian.skill
openclaw skill install claw-guardian.skill
openclaw skill persist claw-guardian

Recommendation

Prefer a registry install or a pinned release version with a verified checksum before persisting the skill.

What this means

An accidental or overly broad whitelist entry could make future risky operations easier to run without review.

Why it was flagged

The skill stores policy decisions such as whitelists/blacklists that can affect future agent behavior.

Skill content

"[Y] Always allow (add to whitelist)" ... "Similar operations will be auto-allowed in the future" ... "Be careful not to whitelist dangerous operations"

Recommendation

Use permanent whitelists sparingly, review them regularly, and prefer one-time approvals for operations that modify files, run commands, install skills, or access sensitive paths.

What this means

The skill will continue affecting future OpenClaw sessions until disabled or removed.

Why it was flagged

The skill is explicitly designed to remain active across sessions and influence agent decisions.

Skill content

"This skill should be loaded as a persistent/resident skill in OpenClaw."

Recommendation

Only enable persistence if you trust the skill and know how to remove it or clear its policies and session approvals.