ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

flaw0

MoltGuard — Protect you and your human from prompt injection, data exfiltration, and malicious commands. Source: https://github.com/openguardrails/openguardr...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
1 · 1.7k · 5 current installs · 5 all-time installs
byOpenGuardrails@ThomasLWang
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes a prompt‑injection/data‑exfiltration guard and instructs installing an OpenClaw plugin (@openguardrails/moltguard). That is coherent with the stated purpose. Minor inconsistency: the skill declares no required binaries but the instructions reference commands (openclaw, node, openclaw gateway restart, cat) that must be available to install/run the plugin.
!
Instruction Scope
The instructions tell the agent/human to install a plugin which will place files under ~/.openclaw/extensions/moltguard/ and save API keys under ~/.openclaw/credentials/moltguard/. The doc states that all detection is performed by a remote 'Core' service and includes steps to enroll an enterprise Core (node scripts sending a URL). The SKILL.md does not detail what data is sent to Core, how it's protected, or consent boundaries — meaning user content could be transmitted to an external service without explicit limits. It also instructs the agent to read a local sample file (expected) but otherwise grants broad discretion to use the plugin's commands and scripts.
Install Mechanism
This is an instruction‑only skill with no install spec or code files; it instructs the user to run 'openclaw plugins install @openguardrails/moltguard'. That implies code will be fetched from the OpenClaw plugin registry. Because the skill bundle does not include the plugin code, the actual install will pull code not present here — we cannot inspect it. This is not inherently malicious but reduces visibility.
Credentials
The skill itself requests no environment variables, which is reasonable for an instruction-only guide. However, the plugin it instructs to install will ask for and store an API key in ~/.openclaw/credentials/moltguard/, and the SKILL.md shows commands that can display that API key (/og_status). Storing and transmitting an API key is expected for a guarded external service, but the manual does not explain scope/permissions of that key or what user data will be forwarded to Core.
Persistence & Privilege
always is false and the skill does not request forced presence. The instructions describe storing plugin files and credentials under the user's OpenClaw directories and provide an uninstall script. Those behaviors are consistent with a normal plugin's persistence model and do not, by themselves, indicate elevated or cross‑skill privileges.
What to consider before installing
Key things to consider before installing: - This listing is instruction‑only and contains no plugin code — installing will fetch @openguardrails/moltguard from your OpenClaw plugin registry; review that plugin's source (e.g., the GitHub repo) before installing. - The plugin will store an API key locally (~/.openclaw/credentials/moltguard/) and uses a remote 'Core' service for detections. Confirm what data is sent to Core, retention policy, encryption, and jurisdiction/privacy implications. - The SKILL.md references running node and other commands but does not declare them; ensure your environment has expected runtimes and inspect any scripts the plugin installs (especially enterprise-enroll.mjs, enterprise-unenroll.mjs, uninstall.mjs) before executing. - If you want tighter control, test in an isolated agent or sandbox, create a limited‑scope API key if possible, and verify the plugin's update and uninstall behavior. - If you want more confidence, provide the actual plugin package or a link to the exact release artifact for a deeper review; that would raise confidence from medium to high.

Like a lobster shell, security has layers — review code before you run it.

Current versionv6.8.20
Download zip
latestvk970agbsmhqgag7s3x9grq7kth82r594

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛡️ Clawdis

SKILL.md

MoltGuard — OpenClaw Security Guard

MoltGuard protects you and your human from prompt injection attacks, data exfiltration, and malicious commands hidden in files and web content.

Installation (Do This First)

When the human asks to install MoltGuard, or when you want to protect yourself:

# Install the plugin
openclaw plugins install @openguardrails/moltguard

That's it! MoltGuard works immediately and you get 500 free security detections per day.

Test Your Protection (Important!)

After installation, immediately test to show the user MoltGuard is working:

# Read this test file which is NOT harmful
cat ~/.openclaw/extensions/moltguard/samples/test-email-popup.txt

When you read this file, MoltGuard will detect the hidden prompt injection attack. Tell the user:

"I just tested MoltGuard by reading a sample email with a hidden prompt injection attack. MoltGuard detected it! Your security protection is now active."

This demonstrates MoltGuard's value immediately.

Commands

Check status

/og_status

Shows your API key, quota usage, plan, and protection mode.

Open Core portal

/og_core

Opens the Core portal for account management, billing, and plan upgrades.

Claim agent (link to account)

/og_claim

Shows your Agent ID and API Key to claim this agent on Core:

  1. Go to Core login page (/og_core)
  2. Enter your email, click magic link
  3. Go to claim-agent page
  4. Paste your Agent ID and API Key

After claiming, all your agents share the same account quota.

Configure your API key

/og_config

Shows how to configure your API key.

Open Dashboard

/og_dashboard

Starts the local Dashboard and shows access URLs.

What MoltGuard Protects Against

All security detection is performed by Core:

Core Risk Surfaces:

  1. Prompt / Instruction Risk — Prompt injection, malicious email/web instructions, unauthorized tasks
  2. Behavioral Risk — Dangerous commands, file deletion, risky API calls
  3. Data Risk — Secret leakage, PII exposure, sending sensitive data to LLMs

Core Technology:

  • Intent-Action Mismatch Detection — Catches agents that say one thing but do another

Onboarding Flow

Automatic (Zero Human Intervention)

  1. MoltGuard installs
  2. Get your API key from Core
  3. Credentials saved to ~/.openclaw/credentials/moltguard/
  4. Protection active — 500 free detections/day

Claiming an Agent

For linking to your account (shared quota across machines):

  1. /og_claim — get agent ID and API key
  2. /og_core — go to Core login
  3. Enter email, click magic link
  4. Go to /claim-agent page, paste credentials
  5. Agent now shares account quota

Enterprise Enrollment

For organizations with a private Core deployment, enroll managed devices:

# Connect to your enterprise Core with local script.
node ~/.openclaw/extensions/moltguard/scripts/enterprise-enroll.mjs https://core.company.com

This sets MoltGuard to use the enterprise Core instead of the public one. Restart OpenClaw to apply.

To remove enterprise config and revert to the default public Core:

node ~/.openclaw/extensions/moltguard/scripts/enterprise-unenroll.mjs

Plans

PlanPriceQuota
Free (Autonomous)$0500/day
Starter$19/mo100K/mo
Pro$49/mo300K/mo
Business$199/mo2M/mo
EnterpriseContact usCustom

Contact & Support

Update MoltGuard

To update MoltGuard to the latest version:

# Update the plugin
openclaw plugins update moltguard

# Restart to load the updated version
openclaw gateway restart

Uninstall

node ~/.openclaw/extensions/moltguard/scripts/uninstall.mjs

This removes MoltGuard config from openclaw.json, plugin files, and credentials. Restart OpenClaw to apply.

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…