flaw0
Review
Audited by ClawScan on May 10, 2026.
Overview
MoltGuard’s purpose is coherent, but this artifact mainly tells the agent to install a persistent external guardrail that automatically uses a remote Core service and credentials without enough scoping.
Install only if you trust OpenGuardrails/MoltGuard as a security provider. Before enabling it, verify the package source, require explicit approval for installation, understand what data is sent to Core, and keep generated API keys private.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could add unreviewed persistent code to the OpenClaw environment, changing how the agent behaves.
The reviewed package is instruction-only, but it tells the agent it may install an unpinned external plugin; that plugin code and its provenance are outside the supplied review artifacts.
When the human asks to install MoltGuard, or when you want to protect yourself: `openclaw plugins install @openguardrails/moltguard`
Require explicit human approval before installation, verify the package source and version, and review the MoltGuard plugin code before enabling it.
Private prompts, file contents, commands, secrets, or PII could be processed by an external service as part of protection.
The artifact indicates that detection is performed by a remote Core service and may involve security-sensitive content, but it does not specify data boundaries, retention, redaction, or approval requirements.
All security detection is performed by Core: ... Data Risk — Secret leakage, PII exposure, sending sensitive data to LLMs
Review Core’s privacy and data-handling terms, confirm the endpoint in use, and avoid enabling automatic scanning for highly sensitive work unless the data flow is acceptable.
Anyone who sees the API key could potentially claim or use the agent’s MoltGuard quota or account linkage.
The skill uses and displays provider credentials for account linking; this is purpose-aligned, but API keys are sensitive and can be exposed in transcripts or shared screens.
/og_status ... Shows your API key ... /og_claim ... Shows your Agent ID and API Key
Do not share transcripts containing these outputs, check credential file permissions, and rotate the API key if it is exposed.
Once installed, MoltGuard may continue affecting agent behavior until it is explicitly removed and OpenClaw is restarted.
The uninstall instructions show that MoltGuard persists through OpenClaw configuration, plugin files, and credentials. This is disclosed and has a cleanup path, so it is a note rather than a standalone concern.
This removes MoltGuard config from `openclaw.json`, plugin files, and credentials. Restart OpenClaw to apply.
Install it only if you want persistent guardrail behavior, and keep the uninstall steps available.
