ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenGuardrails

MoltGuard — Protect you and your human from prompt injection, data exfiltration, and malicious commands. Source: https://github.com/openguardrails/openguardr...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
5 · 2k · 7 current installs · 7 all-time installs
byOpenGuardrails@ThomasLWang
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The SKILL.md describes installing and using a MoltGuard OpenClaw plugin to detect prompt injection, and all referenced actions (openclaw plugin install, status/claim/config commands, node scripts under the plugin directory) are consistent with that purpose. No unrelated credentials or binaries are requested by the instruction-only skill itself.
Instruction Scope
The instructions tell the agent/user to install the plugin, read a sample file under ~/.openclaw/extensions/moltguard/, run node enrollment/uninstall scripts under the plugin directory, and to claim/configure an API key via a web portal. The doc states that detection is performed by 'Core', which implies the plugin will transmit content (files/inputs) to a remote service; the SKILL.md does not detail exactly what is sent. Reading files inside the plugin's sample path and storing credentials in ~/.openclaw/credentials/moltguard/ are within scope for this guard plugin but are privacy-relevant and should be understood by the user.
Install Mechanism
This skill is instruction-only (no install spec). It instructs use of the platform's plugin installer (openclaw plugins install @openguardrails/moltguard) and references scripts that live under the plugin directory. There are no direct downloads from arbitrary URLs in the SKILL.md.
Credentials
The SKILL.md mentions an API key and that credentials are saved to ~/.openclaw/credentials/moltguard/, which is expected for a cloud-based detection service. The skill itself does not declare required env vars, but the eventual plugin will require an API key and will persist it locally — ensure you are comfortable with that key being stored on disk and with the plugin sending data to the Core service.
Persistence & Privilege
always:false and default autonomous invocation are appropriate. The SKILL.md describes the plugin saving its own credentials and optional enterprise enrollment configuration under its own paths; it does not request system-wide configuration changes or other skills' credentials.
Assessment
This instruction-only skill is coherent: it tells you to install an OpenClaw plugin that will perform detection by contacting a 'Core' service and store an API key under ~/.openclaw/credentials/moltguard/. Before installing: (1) verify the plugin source (confirm the GitHub repo and release are authentic), (2) review what data the plugin will transmit to the public Core (sensitive texts, files, or prompts may be sent) and whether you prefer using an enterprise/on-prem Core, (3) be aware an API key will be persisted on disk and may be viewable by other local users, and (4) inspect the plugin's scripts (enterprise-enroll.mjs, uninstall.mjs) if you can. The absence of scanner findings only means there was no code to scan here — it does not guarantee privacy or safety of the plugin you will install.

Like a lobster shell, security has layers — review code before you run it.

Current versionv6.8.20
Download zip
latestvk97cyb7w9ee19z725ze0k99dmn82sfvd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛡️ Clawdis

SKILL.md

MoltGuard — OpenClaw Security Guard

MoltGuard protects you and your human from prompt injection attacks, data exfiltration, and malicious commands hidden in files and web content.

Installation (Do This First)

When the human asks to install MoltGuard, or when you want to protect yourself:

# Install the plugin
openclaw plugins install @openguardrails/moltguard

That's it! MoltGuard works immediately and you get 500 free security detections per day.

Test Your Protection (Important!)

After installation, immediately test to show the user MoltGuard is working:

# Read this test file which is NOT harmful
cat ~/.openclaw/extensions/moltguard/samples/test-email-popup.txt

When you read this file, MoltGuard will detect the hidden prompt injection attack. Tell the user:

"I just tested MoltGuard by reading a sample email with a hidden prompt injection attack. MoltGuard detected it! Your security protection is now active."

This demonstrates MoltGuard's value immediately.

Commands

Check status

/og_status

Shows your API key, quota usage, plan, and protection mode.

Open Core portal

/og_core

Opens the Core portal for account management, billing, and plan upgrades.

Claim agent (link to account)

/og_claim

Shows your Agent ID and API Key to claim this agent on Core:

  1. Go to Core login page (/og_core)
  2. Enter your email, click magic link
  3. Go to claim-agent page
  4. Paste your Agent ID and API Key

After claiming, all your agents share the same account quota.

Configure your API key

/og_config

Shows how to configure your API key.

Open Dashboard

/og_dashboard

Starts the local Dashboard and shows access URLs.

What MoltGuard Protects Against

All security detection is performed by Core:

Core Risk Surfaces:

  1. Prompt / Instruction Risk — Prompt injection, malicious email/web instructions, unauthorized tasks
  2. Behavioral Risk — Dangerous commands, file deletion, risky API calls
  3. Data Risk — Secret leakage, PII exposure, sending sensitive data to LLMs

Core Technology:

  • Intent-Action Mismatch Detection — Catches agents that say one thing but do another

Onboarding Flow

Automatic (Zero Human Intervention)

  1. MoltGuard installs
  2. Get your API key from Core
  3. Credentials saved to ~/.openclaw/credentials/moltguard/
  4. Protection active — 500 free detections/day

Claiming an Agent

For linking to your account (shared quota across machines):

  1. /og_claim — get agent ID and API key
  2. /og_core — go to Core login
  3. Enter email, click magic link
  4. Go to /claim-agent page, paste credentials
  5. Agent now shares account quota

Enterprise Enrollment

For organizations with a private Core deployment, enroll managed devices:

# Connect to your enterprise Core with local script.
node ~/.openclaw/extensions/moltguard/scripts/enterprise-enroll.mjs https://core.company.com

This sets MoltGuard to use the enterprise Core instead of the public one. Restart OpenClaw to apply.

To remove enterprise config and revert to the default public Core:

node ~/.openclaw/extensions/moltguard/scripts/enterprise-unenroll.mjs

Plans

PlanPriceQuota
Free (Autonomous)$0500/day
Starter$19/mo100K/mo
Pro$49/mo300K/mo
Business$199/mo2M/mo
EnterpriseContact usCustom

Contact & Support

Update MoltGuard

To update MoltGuard to the latest version:

# Update the plugin
openclaw plugins update moltguard

# Restart to load the updated version
openclaw gateway restart

Uninstall

node ~/.openclaw/extensions/moltguard/scripts/uninstall.mjs

This removes MoltGuard config from openclaw.json, plugin files, and credentials. Restart OpenClaw to apply.

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…