Hook Guard

v1.0.0

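Hook Guard. Adds a security layer to Agent operations: automatic backup before file modifications, interception and confirmation before dangerous commands are executed, and automatic alerts to the user for sensitive operations. Trigger words: security check, hook guard, guard, backup protection, safe mode, operation audit. It can also be configured in AGENTS.md to be always in effect.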

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name/description (a guard that intercepts risky operations, does backups, and logs actions) matches the SKILL.md and README. The skill requests no binaries, environment variables, or credentials — all proportional to an instruction-only guard. The listed triggers (rm, sudo, service control, publishing, config edits) are reasonable for this purpose.
Instruction Scope
The SKILL.md explicitly instructs the agent to classify actions, pause on Red hooks, create backups under ~/.openclaw/workspace-main/.hook-guard/backups/, and write an audit log at ~/.openclaw/workspace-main/.hook-guard/audit.log. These actions necessarily require the agent to read and write files and to inspect intended commands/targets before execution. That is expected, but the instructions are broad (leave discretionary judgment to the agent) and assert guarantees (e.g., 'logs do not contain sensitive content') that are not programmatically enforced in the doc — correctness depends on the agent's implementation and discipline. It also suggests editing AGENTS.md to make the skill always-on, which modifies other agent configuration if applied.
Install Mechanism
No install spec is embedded in the skill bundle (instruction-only). README mentions installing via clawhub or git clone from a GitHub repo; those are external manual install pathways, not automatic downloads. There is no automated download/extract or untrusted URL in the skill package itself.
Credentials
The skill declares no required env vars, no credentials, and no config paths apart from suggested backup/log directories under the user's OpenClaw workspace. These requests align with its function and are proportionate.
Persistence & Privilege
The skill is not marked always:true and is user-invocable by default. The README/SKILL.md recommends adding rules to AGENTS.md to make Hook Guard always effective; that would grant it broader persistence/system configuration changes if the user applies them. The skill itself does not include code that force-enables persistence, but it instructs modifying agent config — users should be aware this is a change to agent behavior/policy.
Assessment
Hook Guard is internally coherent: it aims to intercept high-risk agent actions, back up modified files, and keep an audit log, and it does not request credentials or install arbitrary software. Before enabling it:
1) Verify where backups and audit logs will be written (default: ~/.openclaw/workspace-main/.hook-guard/) and ensure you’re comfortable with that storage and retention policy;
2) Confirm the agent actually follows the 'no sensitive content in logs' policy in practice (test with safe files) because the SKILL.md makes assertions but provides no enforcement code;
3) If you consider making it always-on by editing AGENTS.md, understand that this changes agent-wide behavior and will affect other skills/agents — test in a safe/non-production environment first;
4) If you plan to install the optional GitHub clone mentioned in README, inspect that repository before cloning to ensure no hidden install scripts; and
5) keep in mind that this skill is instruction-only — its safety depends on the agent honoring the instructions, not on enforced sandboxing or packaged code.
