ClawGuard | Anti-Malware Scanner & Honeypot

Security checks across malware telemetry and agentic risk

Overview

ClawGuard is a disclosed local security-monitoring skill that creates a decoy honeypot file, scans OpenClaw skills, and only uses shell actions after approval.

Install only if you want recurring local monitoring of OpenClaw skills. Expect a fake credential-like honeypot file at ~/.openclaw/workspace/routing_config_backup.json, and review any alert carefully before approving quarantine actions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The skill runs on a cron schedule every 10 minutes and scans newly added directories, but the trigger scope and file selection criteria are only loosely described. Scheduled security-monitoring skills with broad recurring execution can create continuous surveillance behavior and unexpected access patterns, especially when combined with read/write and notification capabilities.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill creates a honeypot file populated with dummy internal tokens and webhook endpoints, but this deceptive artifact is not disclosed in the user-facing description. Even if the contents are fake, silently planting credential-like material can mislead users, trigger other tools, or be abused as cover for harvesting or exfiltration logic in a supposedly defensive skill.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal