OpenGuardrails
Review
Audited by ClawScan on May 10, 2026.
Overview
OpenGuardrails has a coherent security purpose, but it asks the agent to install an external plugin that the reviewed artifacts do not contain, and to send potentially sensitive content to a cloud security service whose data boundaries, retention, and exclusions are not described.
Review this carefully before installing. The security goal is legitimate, but you should explicitly approve the external plugin install, verify the package source, understand what data is sent to Core, and protect any MoltGuard API keys shown or stored locally.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could change its own runtime environment by installing plugin code the user has not reviewed through this artifact.
The reviewed package is instruction-only, but it directs the agent to install a separate plugin, in one case on the agent's own initiative ("when you want to protect yourself"), so the code that would actually run is outside the provided artifacts.
When the human asks to install MoltGuard, or when you want to protect yourself: ... openclaw plugins install @openguardrails/moltguard
Only run the plugin install after explicit user approval; verify the package source, version, and permissions before enabling it.
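One way to carry out the source, version, and permission verification this finding recommends before the install command is run. This is an added example for this page, not code from OpenGuardrails, MoltGuard, or ClawScan. It assumes the plugin is distributed as an npm-style package (a package.json manifest plus a tarball carrying an npm-format sha512 integrity string); the `@example/plugin` name, the manifest, and the tarball bytes are constructed, and nothing here contacts a registry or the openclaw CLI.

```python
"""Review a plugin package before running `openclaw plugins install`.

Added example; not code from OpenGuardrails, MoltGuard or ClawScan. Assumes an
npm-style package (package.json + tarball with an npm "integrity" string).
The manifest and tarball bytes below are constructed for the demonstration.
"""
from __future__ import annotations

import base64
import hashlib

# Scripts npm runs automatically during installation: code executes before the
# user has looked at the package, so their presence is a review finding.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")
# Dependency specs that resolve outside the registry (no published, immutable tarball).
OFF_REGISTRY_PREFIXES = ("git+", "git://", "github:", "http://", "https://", "file:")


def npm_integrity(tarball: bytes) -> str:
    """Compute the SRI-style string npm stores as "integrity": sha512, base64."""
    digest = hashlib.sha512(tarball).digest()
    return "sha512-" + base64.b64encode(digest).decode("ascii")


def review_manifest(manifest: dict) -> list[str]:
    """Return review findings for a parsed package.json (empty list = nothing flagged)."""
    findings = []
    scripts = manifest.get("scripts", {})
    for hook in LIFECYCLE_HOOKS:
        if hook in scripts:
            findings.append(f"install-time script '{hook}': {scripts[hook]}")
    for section in ("dependencies", "optionalDependencies"):
        for name, spec in manifest.get(section, {}).items():
            if spec.startswith(OFF_REGISTRY_PREFIXES):
                findings.append(f"{section}/{name} resolves outside the registry: {spec}")
            elif spec in ("*", "latest", "") or spec[0] in "^~>":
                findings.append(f"{section}/{name} is not pinned to an exact version: {spec}")
    return findings


def approve_install(manifest: dict, tarball: bytes,
                    pinned_version: str, pinned_integrity: str) -> tuple[bool, list[str]]:
    """Decide whether the package matches what the user explicitly approved.

    The user approves one (name, version, integrity) triple; a different version,
    a tarball with a different hash, or any manifest finding blocks the install.
    """
    reasons = review_manifest(manifest)
    if manifest.get("version") != pinned_version:
        reasons.append(f"version {manifest.get('version')!r} != approved {pinned_version!r}")
    if npm_integrity(tarball) != pinned_integrity:
        reasons.append("tarball integrity does not match the approved value")
    return (not reasons, reasons)


# Constructed sample package, standing in for what `npm pack` would produce.
SAMPLE_TARBALL = b"constructed tarball bytes, not a real package\n"
SAMPLE_MANIFEST = {
    "name": "@example/plugin",  # placeholder, not the real plugin name
    "version": "1.2.3",
    "scripts": {"postinstall": "node scripts/setup.js"},
    "dependencies": {
        "left-pad": "1.3.0",
        "helper": "git+https://example.invalid/helper.git",
    },
}
CLEAN_MANIFEST = {"name": "@example/plugin", "version": "1.2.3",
                  "dependencies": {"left-pad": "1.3.0"}}

if __name__ == "__main__":
    approved = npm_integrity(SAMPLE_TARBALL)
    ok, why = approve_install(SAMPLE_MANIFEST, SAMPLE_TARBALL, "1.2.3", approved)
    print("install approved:", ok)
    for line in why:
        print(" -", line)
```

The point of pinning the integrity string rather than only the version is that a version tag can be republished or substituted; the hash ties approval to the exact bytes the user reviewed.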
Sensitive prompts, files, commands, or personal data may be sent to a remote service for scanning.
The artifact indicates that detection over potentially sensitive files, web content, commands, secrets, and PII is handled by an external Core service, but does not describe data boundaries, retention, or exclusions.
MoltGuard protects ... malicious commands hidden in files and web content. ... All security detection is performed by Core ... Secret leakage, PII exposure, sending sensitive data to LLMs
Review the provider’s privacy and retention policy, use an enterprise/private Core if required, and avoid scanning highly sensitive data until data handling is clear.
The API key may appear in local files or chat output and could be used to access or link the agent’s MoltGuard account/quota.
The skill creates, stores, and displays service credentials for MoltGuard/Core account linking.
Get your API key from Core ... Credentials saved to `~/.openclaw/credentials/moltguard/` ... Shows your Agent ID and API Key
Treat the MoltGuard API key as a secret, avoid sharing transcripts containing it, and remove credentials during uninstall if no longer needed.
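A local guard that addresses the two findings above together: it keeps credential and key material from being forwarded to the remote Core service at all, masks the API key (and other common token shapes) in anything pasted into a transcript, and checks that the stored credentials are not readable by other local accounts. This is an added example, not code from OpenGuardrails, MoltGuard, or ClawScan. Nothing on the reviewed page documents the key format, so the `mg_` prefix and 32-character body are assumptions, as is the excluded-directory list; the transcript line is constructed to match the "Shows your Agent ID and API Key" step.

```python
"""Local guard for MoltGuard-style credentials and remote scanning.

Added example; not code from OpenGuardrails, MoltGuard or ClawScan. Assumptions
(none documented on the reviewed page): the API key looks like 'mg_' followed by
32+ alphanumerics, and credentials live under ~/.openclaw/credentials/moltguard/.
"""
from __future__ import annotations

import re
import stat
import tempfile
from pathlib import Path

# Assumed key shape for the demo; replace with the real format once known.
MOLTGUARD_KEY_RE = re.compile(r"\bmg_[A-Za-z0-9]{32,}\b")
# Other token shapes that tend to end up in transcripts and scan payloads.
OTHER_SECRET_RES = (
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),                    # AWS access key id
    re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),         # GitHub token
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----"),
)

# Paths whose contents should not be handed to a remote scanner until the
# provider's retention and exclusion rules are understood. Constructed list.
DEFAULT_EXCLUDED_DIRS = (
    "~/.openclaw/credentials",
    "~/.ssh",
    "~/.aws",
    "~/.gnupg",
)


def should_forward(path: str, excluded_dirs=DEFAULT_EXCLUDED_DIRS) -> bool:
    """True if `path` may be sent to the remote Core service, False if it is excluded."""
    target = Path(path).expanduser().resolve()
    for d in excluded_dirs:
        root = Path(d).expanduser().resolve()
        if target == root or root in target.parents:
            return False
    return True


def redact(text: str) -> tuple[str, int]:
    """Mask API keys and other secrets before text is shared or forwarded.

    Returns the cleaned text and how many secrets were replaced.
    """
    count = 0
    for pattern in (MOLTGUARD_KEY_RE, *OTHER_SECRET_RES):
        text, n = pattern.subn("[REDACTED]", text)
        count += n
    return text, count


def check_credential_permissions(path: str) -> list[str]:
    """Report credential files or directories readable/writable by group or others."""
    p = Path(path).expanduser()
    if not p.exists():
        return [f"{p}: does not exist"]
    problems = []
    mode = p.stat().st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"{p}: mode {stat.S_IMODE(mode):04o} exposes it to group/others")
    if p.is_dir():
        for child in sorted(p.iterdir()):
            problems.extend(check_credential_permissions(str(child)))
    return problems


def demo_permissions() -> tuple[int, int]:
    """Throwaway credential dir: problems counted with a 0644 key file, then after 0600."""
    with tempfile.TemporaryDirectory() as tmp:
        cred_dir = Path(tmp) / "moltguard"
        cred_dir.mkdir(mode=0o700)
        key_file = cred_dir / "api_key"
        key_file.write_text("mg_" + "x" * 32 + "\n")  # constructed key
        key_file.chmod(0o644)
        before = len(check_credential_permissions(str(cred_dir)))
        key_file.chmod(0o600)
        after = len(check_credential_permissions(str(cred_dir)))
    return before, after


# Constructed transcript line in the shape the "Shows your Agent ID and API Key" step produces.
SAMPLE_TRANSCRIPT = "Your Agent ID is agent-7f3a and your API Key is mg_" + "Q7" * 16 + ". Keep it safe."

if __name__ == "__main__":
    print(redact(SAMPLE_TRANSCRIPT))
    print(should_forward("~/.ssh/id_ed25519"), should_forward("~/projects/app/main.py"))
    print(demo_permissions())
```

The path check runs before any content is read, so excluded material never reaches the scanner; the redactor is the fallback for text that has already been produced, such as the agent's own output during account linking. Run `check_credential_permissions("~/.openclaw/credentials/moltguard")` after setup, and delete that directory on uninstall if the account is no longer needed.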
A user may become overconfident that protection is active and comprehensive even if the installation or detection did not actually succeed.
The skill scripts a confident success message for a security product, rather than instructing the agent to report the actual observed result and limitations.
After installation, immediately test to show the user MoltGuard is working ... Tell the user: "MoltGuard detected it! Your security protection is now active."
Report only verified test results, include any errors or uncertainty, and clearly state the protection’s limits.
