HostGuard
PassAudited by ClawScan on May 1, 2026.
Overview
HostGuard is a coherent local security-check skill that uses standard local inspection commands and only proposes a narrowly scoped configuration change with user permission.
This skill appears safe for its stated purpose. Expect it to inspect local OpenClaw configuration and listener state; approve file changes only if you understand that binding to 127.0.0.1 will restrict access to the local machine.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may inspect local OpenClaw-related network binding and privilege information using normal system commands.
The skill instructs the agent to use local system tools to inspect network listeners and process/user state. This is a tool-use capability, but it is clearly disclosed and directly supports the stated security-check purpose.
Use system commands to check if the port is listening: - `lsof -i :{port}` ... - `netstat -tlnp | grep {port}` ...Review command output before acting on it, and only approve any proposed configuration change if it matches your intended OpenClaw setup.
If approved, the skill may change an OpenClaw host setting so the service binds to localhost, which can affect remote or LAN access to OpenClaw.
The skill can guide a configuration file edit, which is a local mutation capability. The artifact limits the edit to an existing host setting, requires user permission, and requires a backup, making it purpose-aligned and bounded.
Never modify files without explicit user permission ... Before editing, create a `.bak` backup beside the file ... Change only the host value to `127.0.0.1`
Only approve the fix if you want OpenClaw restricted to localhost, and keep the generated backup until you confirm everything still works.