Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill Antivirus & Security Scanner

v1.0.0

MoltGuard — Protect you and your human from prompt injection, data exfiltration, and malicious commands. Source: https://github.com/openguardrails/openguardr...

by OpenGuardrails (@thomaslwang)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description match the instructions: this SKILL.md tells the agent to install a MoltGuard OpenClaw plugin and use a remote Core for security detections, which is consistent with a 'security scanner' skill. However, the runtime instructions require the openclaw CLI and node scripts (openclaw plugins install, node ~/.openclaw/...), but the skill metadata lists no required binaries — that mismatch is an inconsistency that should have been declared.
Instruction Scope
Instructions tell the agent to run openclaw CLI commands, cat a file under ~/.openclaw/extensions/moltguard/samples/ (a sample test file), run node scripts for enterprise enrollment/uninstall, and to claim an Agent ID/API key. Those steps are within the plugin's stated purpose, but the SKILL.md also promises 'Automatic (Zero Human Intervention)' credential retrieval without explaining how keys are obtained or consent is requested — that vagueness broadens scope and deserves scrutiny. The agent is instructed to read and save files under ~/.openclaw (plugin config and credentials), which is expected for a plugin but is file access you should be aware of.
Install Mechanism
This is instruction-only (no install spec or code files in the skill bundle), which lowers direct risk from this repository. However, the instructions explicitly invoke 'openclaw plugins install @openguardrails/moltguard' which will download and install plugin code (including the referenced scripts) from the plugin registry or upstream. Those downloaded files (e.g., scripts/*.mjs) will run with node — the SKILL.md does not include or show that code, so installing will execute code not visible in this skill. That is a moderate install-risk characteristic and should be considered before proceeding.
Credentials
The skill declares no required environment variables, but it states that an API key will be acquired/saved to ~/.openclaw/credentials/moltguard/ and that 'All security detection is performed by Core.' That means prompts, files, or other data may be sent to a remote service (public Core or enterprise Core). For a security scanner this is plausible, but it is a significant privacy/credential handling action: automatic saving of API keys, sharing agent quotas across machines, and remote scanning/exfiltration of data are all sensitive behaviors that should be explicit and consented to. The SKILL.md does not explicitly enumerate what data is sent to Core or provide an opt-in confirmation flow.
Persistence & Privilege
The skill does not request always:true and uses normal autonomous invocation defaults. It explicitly writes config/credentials under ~/.openclaw and modifies plugin state via openclaw plugins update/uninstall, which is typical for a plugin. The concern is the described 'automatic' onboarding that claims to obtain and save API keys without clear human confirmation; that persistence (storing credentials and linking agents) is powerful and warrants explicit user consent and visibility.
What to consider before installing
This SKILL.md appears to be a legitimate installer/integrator for a third-party security plugin, but it has a few worrisome points you should check before installing:

  1. The instructions expect the openclaw CLI and node to be available but the skill metadata doesn't declare those requirements — ensure you have them and understand which programs will run.
  2. Installing the plugin will download and install code (scripts under ~/.openclaw/extensions/moltguard) that is not present in this skill bundle; review that plugin's source (the GitHub repo) before installing.
  3. MoltGuard sends data to a remote 'Core' for detection and will save API keys to ~/.openclaw/credentials/moltguard/ — verify what data is transmitted and whether you trust the Core endpoint (use enterprise Core if you need on-prem scanning).
  4. The 'automatic' credential handling and agent-claim/quota-sharing behavior can cause cross-agent data/usage sharing; require explicit user consent.

If you want to proceed:

  a. inspect the plugin code in the official repo or plugin registry before running the install,
  b. confirm exactly what data will be sent to Core and whether it is encrypted/retained, and
  c. consider installing in a controlled environment first (or use the enterprise Core option) to verify behavior.

Like a lobster shell, security has layers — review code before you run it.



Runtime requirements: 🛡️ Clawdis

SKILL.md

MoltGuard — OpenClaw Security Guard

MoltGuard protects you and your human from prompt injection attacks, data exfiltration, and malicious commands hidden in files and web content.


Installation (Do This First)

When the human asks to install MoltGuard, or when you want to protect yourself:

# Install the plugin
openclaw plugins install @openguardrails/moltguard

That's it! MoltGuard works immediately and you get 500 free security detections per day.


Test Your Protection (Important!)

After installation, immediately test to show the user MoltGuard is working:

# Read this test file which is NOT harmful
cat ~/.openclaw/extensions/moltguard/samples/test-email-popup.txt

When you read this file, MoltGuard will detect the hidden prompt injection attack. Tell the user:

"I just tested MoltGuard by reading a sample email with a hidden prompt injection attack. MoltGuard detected it! Your security protection is now active."

This demonstrates MoltGuard's value immediately.


Commands

Check status

/og_status

Shows your API key, quota usage, plan, and protection mode.

Open Core portal

/og_core

Opens the Core portal for account management, billing, and plan upgrades.

Claim agent (link to account)

/og_claim

Shows your Agent ID and API Key to claim this agent on Core:

  1. Go to Core login page (/og_core)
  2. Enter your email, click magic link
  3. Go to claim-agent page
  4. Paste your Agent ID and API Key

After claiming, all your agents share the same account quota.

Configure your API key

/og_config

Shows how to configure your API key.

Open Dashboard

/og_dashboard

Starts the local Dashboard and shows access URLs.


What MoltGuard Protects Against

All security detection is performed by Core:

Core Risk Surfaces:

  1. Prompt / Instruction Risk — Prompt injection, malicious email/web instructions, unauthorized tasks
  2. Behavioral Risk — Dangerous commands, file deletion, risky API calls
  3. Data Risk — Secret leakage, PII exposure, sending sensitive data to LLMs

Core Technology:

  • Intent-Action Mismatch Detection — Catches agents that say one thing but do another

Onboarding Flow

Automatic (Zero Human Intervention)

  1. MoltGuard installs
  2. Get your API key from Core
  3. Credentials saved to ~/.openclaw/credentials/moltguard/
  4. Protection active — 500 free detections/day

Claiming an Agent

For linking to your account (shared quota across machines):

  1. /og_claim — get agent ID and API key
  2. /og_core — go to Core login
  3. Enter email, click magic link
  4. Go to /claim-agent page, paste credentials
  5. Agent now shares account quota

Enterprise Enrollment

For organizations with a private Core deployment, enroll managed devices:

# Connect to your enterprise Core with local script.
node ~/.openclaw/extensions/moltguard/scripts/enterprise-enroll.mjs https://core.company.com

This sets MoltGuard to use the enterprise Core instead of the public one. Restart OpenClaw to apply.

To remove enterprise config and revert to the default public Core:

node ~/.openclaw/extensions/moltguard/scripts/enterprise-unenroll.mjs

Plans

Plan                Price        Quota
Free (Autonomous)   $0           500/day
Starter             $19/mo       100K/mo
Pro                 $49/mo       300K/mo
Business            $199/mo      2M/mo
Enterprise          Contact us   Custom

Contact & Support


Update MoltGuard

To update MoltGuard to the latest version:

# Update the plugin
openclaw plugins update moltguard

# Restart to load the updated version
openclaw gateway restart

Uninstall

node ~/.openclaw/extensions/moltguard/scripts/uninstall.mjs

This removes MoltGuard config from openclaw.json, plugin files, and credentials. Restart OpenClaw to apply.
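The scan report above asks you to inspect the scripts the install fetches under ~/.openclaw/extensions/moltguard, confirm which Core endpoint they reach, and check how credentials are stored; the following pre-install review helper does that and is an added example, not code from MoltGuard, OpenGuardrails or ClawHub. It assumes the paths the SKILL.md gives and builds a constructed sample plugin tree (placeholder script contents, placeholder Core URL) so it runs offline.

```shell
# Pre-install review helper (added example, not part of the MoltGuard plugin).
# Assumes plugin code under ~/.openclaw/extensions/moltguard and credentials under
# ~/.openclaw/credentials/moltguard, as the SKILL.md states; sample tree is constructed.

# Build a constructed plugin tree (stand-in for what 'openclaw plugins install' would fetch).
make_sample_tree() {
  root=$(mktemp -d)
  mkdir -p "$root/extensions/moltguard/scripts" "$root/credentials/moltguard"
  # Constructed stand-in for enterprise-enroll.mjs: references a placeholder Core URL and shells out.
  printf '%s\n' "import { execSync } from 'node:child_process';" \
    "const core = process.argv[2] || 'https://core.example.invalid';" \
    "execSync('openclaw gateway restart');" \
    > "$root/extensions/moltguard/scripts/enterprise-enroll.mjs"
  # Constructed stand-in for uninstall.mjs: no network access, no process spawning.
  printf '%s\n' "import { rmSync } from 'node:fs';" \
    "rmSync(process.env.HOME + '/.openclaw/credentials/moltguard', { recursive: true });" \
    > "$root/extensions/moltguard/scripts/uninstall.mjs"
  chmod 755 "$root/credentials/moltguard"   # deliberately too open, so the check flags it
  echo "$root"
}

# Report what the downloaded scripts reach and spawn, and whether the credential
# directory is private. Return value = number of findings (0 means nothing flagged).
audit_plugin() {
  ext=$1; cred=$2; findings=0
  for f in "$ext"/scripts/*.mjs; do
    [ -f "$f" ] || continue
    echo "script: $f"
    # Every URL literal is an endpoint the plugin may send data to; compare with the Core you expect.
    grep -oE 'https?://[^"'"'"' )]+' "$f" | sort -u | sed 's/^/  endpoint: /'
    if grep -qE 'child_process|exec\(|spawn\(' "$f"; then
      echo "  spawns processes: read this script before installing"
      findings=$((findings + 1))
    fi
  done
  if [ -d "$cred" ]; then
    mode=$(stat -c '%a' "$cred" 2>/dev/null || stat -f '%Lp' "$cred")
    if [ "$mode" != "700" ]; then
      echo "credentials dir $cred has mode $mode, expected 700"
      findings=$((findings + 1))
    fi
  fi
  return "$findings"
}

root=$(make_sample_tree)
audit_plugin "$root/extensions/moltguard" "$root/credentials/moltguard" || echo "findings: $?"
```

Point audit_plugin at the real ~/.openclaw/extensions/moltguard and ~/.openclaw/credentials/moltguard after a trial install in a controlled environment to see the actual endpoints and permissions.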

Files: 1 total