MoltGuard - Security & Antivirus & Guardrails
Review
Audited by ClawScan on May 10, 2026.
Overview
MoltGuard appears to be a security tool, but its instructions encourage installing and activating an external plugin with automatic cloud-backed scanning and credential creation without enough reviewable scope or user-control detail.
Treat this as a review-before-install skill. Its security purpose is plausible, but only install it after you intentionally approve the external plugin, understand what data Core receives, and are comfortable with automatic credential creation and persistent OpenClaw configuration changes.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill could lead the agent to fetch and activate additional unreviewed plugin code that changes OpenClaw behavior.
The reviewed package is instruction-only, yet it directs the agent to install a separate plugin package. The wording also permits installation based on the agent's own judgment, not only an explicit user request.
When the human asks to install MoltGuard, or when you want to protect yourself: `openclaw plugins install @openguardrails/moltguard`
Install only after the user explicitly approves the plugin package and reviews its source, install source, and permissions.
Sensitive prompts, file/web content, commands, or PII may be sent to the provider's Core service for analysis.
The skill discloses that an external Core service performs detection over prompts, behavior, commands, PII, and secret-leakage risks, but the artifact does not define data boundaries, retention, exclusions, or when content is transmitted.
All security detection is performed by Core:
Core Risk Surfaces:
1. Prompt / Instruction Risk ...
2. Behavioral Risk — Dangerous commands, file deletion, risky API calls
3. Data Risk — Secret leakage, PII exposure, sending sensitive data to LLMs
Before enabling, verify the provider's data handling terms and confirm what content is sent, logged, retained, or excluded.
A local API key will be created and stored for MoltGuard, and compromise of that credential could affect the linked service account or quota.
The skill creates and stores a provider API key locally. This is purpose-aligned for an account-backed security service, but it is sensitive credential handling that users should notice.
Get your API key from Core
Credentials saved to `~/.openclaw/credentials/moltguard/`
Protect the local credentials directory, avoid sharing command output that reveals API keys, and rotate the key if it is exposed.
The agent may activate persistent security monitoring and provider credentials without a clear approval checkpoint.
The onboarding flow describes installation, credential acquisition, credential storage, and activation without human intervention, which is high-impact persistence and account setup for an agent security component.
Automatic (Zero Human Intervention)
1. MoltGuard installs
2. Get your API key from Core
3. Credentials saved to `~/.openclaw/credentials/moltguard/`
4. Protection active
Require explicit user confirmation before install, account/key creation, persistent configuration changes, or activation.
