Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

superguard

v1.0.0

MoltGuard — OpenClaw security guard by OpenGuardrails. Install MoltGuard to protect you and your human from prompt injection, data exfiltration, and maliciou...

0 · 30 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to install MoltGuard (a guard for prompt injection and data exfiltration) and instructs the agent to run openclaw plugin commands and node scripts once installed. That purpose aligns with the described functionality, but the registry metadata declares no required binaries while the instructions clearly require the 'openclaw' CLI and 'node' for scripts—an inconsistency that should be resolved.
Instruction Scope
The runtime instructions are focused on installing, using, and testing the MoltGuard plugin. They instruct reading a sample file inside the extension directory, running openclaw plugin commands, and running node scripts for enterprise enroll/unenroll and uninstall. These steps are within the plugin's scope, but they direct the user/agent to reveal and store API keys and to perform actions that depend on a remote Core service (account claim, dashboard, quota), so the operator should understand where credentials will go and which external endpoints are contacted.
Install Mechanism
This is an instruction-only skill with no bundled install spec; the SKILL.md tells users to run 'openclaw plugins install @openguardrails/moltguard', which will fetch and execute external plugin code not present in this package. The skill gives no cryptographic provenance or pinned source for that package. Installing an external plugin is expected for this purpose, but the lack of an included install provenance or packaged code means you are about to fetch code from outside the registry — a higher-risk action that should be verified (e.g., check the upstream repo/official release).
Credentials
The registry lists no required environment variables, which matches the package being instruction-only. However, SKILL.md repeatedly references an API key, stores credentials at '~/.openclaw/credentials/moltguard/', and includes a command that displays the API key (/og_status). Requiring and storing an API key is reasonable for a cloud-managed guard, but the skill will cause you to generate or provide sensitive credentials and potentially paste them into external web pages. That is proportionate to the stated purpose, but it carries a predictable sensitive-data risk: the user must accept it and validate the Core endpoint the key will be sent to before proceeding.
Persistence & Privilege
The skill does not request 'always: true' and does not declare changes to other skills or system-wide settings beyond installing and configuring its own plugin. It does describe saving credentials and starting persistent protection (expected behavior). Autonomous invocation remains enabled by default (normal) but is not in itself flagged here.
What to consider before installing
This SKILL.md appears to describe a real security plugin, but before installing:
1) Verify the plugin package source (openclaw plugin '@openguardrails/moltguard') and inspect the code it will install; don't blindly run install commands.
2) Confirm you trust the Core endpoint and the openguardrails GitHub repo: the plugin will ask for and store an API key in ~/.openclaw/credentials/moltguard/ and may send data to Core.
3) Ensure your system has the required tools ('openclaw' CLI and 'node') even though the registry declared none.
4) Note the metadata inconsistencies (ownerId/version differences and odd text in the description) and ask the publisher to clarify provenance if you rely on this for security.
5) If you proceed, inspect the installed extension files and network activity, and avoid pasting secret keys into unknown web pages until you have confirmed the identity of the vendor.
If you want higher assurance, request a packaged install artifact or signed release and a clear provenance chain.
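The checklist above (required tools, where the API key lands, which endpoints the extension contacts) can be turned into a small offline audit. The script below is an added example written for this page; it is not code from ClawHub, OpenClaw, or the MoltGuard project, and it assumes an extension is a plain directory of JS/JSON/MD files and that credentials sit in a per-plugin directory such as ~/.openclaw/credentials/<plugin>/. The plugin source it scans and the key file it checks are constructed inside a temp directory for the demo; point scan_extension and check_credentials_dir at the real paths after an install to get the same report on your system.

```python
"""Offline audit helpers for an OpenClaw-style plugin before/after install.

Added example; not code from the ClawHub page or from MoltGuard/OpenGuardrails.
Assumptions (not facts from the page): the extension is a directory of
JS/JSON/MD files, credentials live under a per-plugin directory such as
~/.openclaw/credentials/<plugin>/, and the sample plugin source below is
constructed for the demo.
"""
import re
import shutil
import stat
import tempfile
from pathlib import Path
from pprint import pprint

# Host part of any http(s) URL embedded in source or config.
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")
# Constructs a reviewer wants to see before trusting an external plugin.
SUSPECT_PATTERNS = {
    "credential_path": re.compile(r"\.openclaw/credentials"),
    "env_read": re.compile(r"process\.env\.[A-Z0-9_]+"),
    "child_process": re.compile(r"\b(?:child_process|execSync|spawn)\b"),
    "dynamic_code": re.compile(r"\b(?:eval|new Function)\s*\("),
}
SOURCE_SUFFIXES = {".js", ".mjs", ".cjs", ".ts", ".json", ".md", ".sh"}

# Constructed sample extension file (hypothetical; not MoltGuard's code).
SAMPLE_PLUGIN_JS = """\
// constructed sample plugin source for the audit demo
const CORE = "https://core.example.invalid/v1/claim";
const key = process.env.MOLTGUARD_API_KEY;
fs.writeFileSync(os.homedir() + "/.openclaw/credentials/moltguard/key", key);
"""


def missing_binaries(names):
    """Return the names not found on PATH (the registry declared no required binaries)."""
    return [n for n in names if shutil.which(n) is None]


def scan_extension(root, allowed_hosts=()):
    """Walk an extension directory; report every host it references and suspect constructs.

    Hosts outside allowed_hosts are listed separately so an operator can see
    any endpoint beyond the Core service they decided to trust.
    """
    root = Path(root)
    report = {"hosts": {}, "unexpected_hosts": set(), "findings": []}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix not in SOURCE_SUFFIXES:
            continue
        rel = str(path.relative_to(root))
        for lineno, line in enumerate(path.read_text(errors="replace").splitlines(), 1):
            for m in URL_RE.finditer(line):
                host = m.group(1).lower()
                report["hosts"].setdefault(host, []).append(f"{rel}:{lineno}")
                if host not in allowed_hosts:
                    report["unexpected_hosts"].add(host)
            for name, pat in SUSPECT_PATTERNS.items():
                if pat.search(line):
                    report["findings"].append((name, rel, lineno, line.strip()))
    return report


def check_credentials_dir(path):
    """Flag the credentials directory or any file in it that group/others can access."""
    p = Path(path)
    if not p.exists():
        return [f"missing: {p}"]
    problems = []
    for entry in [p, *p.rglob("*")]:
        mode = stat.S_IMODE(entry.stat().st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append(f"{entry}: mode {mode:04o} is group/other accessible")
    return problems


def run_demo(allowed_hosts=("core.example.invalid",)):
    """Build the constructed extension and a credentials dir in a temp location, then audit both."""
    base = Path(tempfile.mkdtemp(prefix="og-audit-"))
    ext = base / "extensions" / "moltguard"
    ext.mkdir(parents=True)
    (ext / "plugin.js").write_text(SAMPLE_PLUGIN_JS)
    cred = base / "credentials" / "moltguard"
    cred.mkdir(parents=True)
    cred.chmod(0o700)
    keyfile = cred / "api_key"
    keyfile.write_text("constructed-placeholder-key\n")
    keyfile.chmod(0o644)  # deliberately too permissive so the check has something to flag
    return {
        "missing": missing_binaries(["openclaw", "node"]),
        "scan": scan_extension(ext, allowed_hosts),
        "cred_problems": check_credentials_dir(cred),
    }


if __name__ == "__main__":
    pprint(run_demo())
```

The static scan is a first pass only: it catches endpoints and credential paths written as literals, not ones assembled at runtime, so it complements rather than replaces watching the plugin's actual network activity after install. Passing the Core host you have decided to trust as allowed_hosts makes any other destination stand out in unexpected_hosts.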

Like a lobster shell, security has layers — review code before you run it.

latest · vk97ctjqm9kqtqvn2rmyq0dpsmn8448cx


Runtime requirements

🛡️ Clawdis
