ClawGuard | Anti-Malware Scanner & Honeypot
Review
Audited by ClawScan on May 1, 2026.
Overview
ClawGuard is coherent for a local IDS/honeypot skill, but users should notice that it runs on a schedule, creates a fake-token honeypot file, and can quarantine items only after approval.
If you install this, expect periodic local monitoring of ~/.openclaw, a dummy honeypot credential file in the workspace, and alerts that ask for approval before quarantine. Review the reported path carefully before approving any kill or mv action.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may wake up every 10 minutes to inspect new skill directories and notify you about suspicious files.
The skill is designed to run periodically as a monitoring agent. This is purpose-aligned for an IDS, but it is still persistent behavior.
cron: "*/10 * * * *"
Install only if you want scheduled local monitoring, and confirm you can disable or remove the skill if you no longer need it.

Approving a quarantine action could stop a process or move a skill file, potentially disabling a legitimate skill if the alert is wrong.
The skill can use shell commands to stop or move suspected threats. The artifact includes an approval gate and limits commands, making this purpose-aligned but high-impact if a false positive is approved.
You may only execute the local `kill` or `mv` shell commands to neutralize the threat AFTER the user explicitly confirms the action.
Before replying APPROVE, inspect the reported skill name/path and only approve quarantine for items you recognize as unsafe.

A fake backup/config file will be placed in the workspace and may look like it contains internal tokens.
The honeypot intentionally creates credential-looking persistent content. It is described as dummy data, but other agents or tools could encounter and misinterpret it.
Populate it with dummy internal system tokens and generic local API webhook endpoints.
Keep the honeypot file scoped to the intended directory and avoid using its contents as real configuration or credentials.

You have less external information to verify who maintains the security scanner.
The package does not provide a source repository or homepage. This is not unsafe by itself, especially for an instruction-only skill, but it limits provenance review for a security tool.
Source: unknown; Homepage: none
Verify the publisher and review the included instructions before granting the skill scheduled local monitoring permissions.
