ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

config-guardian

v1.0.4

Protect openclaw.json with automatic rollback, lock mode, multi-version baseline snapshots, audit log, and SIGUSR1 gateway hot-reload. Use when you need to s...

0· 162·0 current·0 all-time
by@xbcvv
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the files and scripts. Required binaries (inotifywait, jq, sha256sum) and root permissions are reasonable and necessary for filesystem monitoring, JSON state handling, and checksum verification. The scripts operate on /root/.openclaw/openclaw.json as advertised.
Instruction Scope
SKILL.md and the scripts confine actions to monitoring, snapshotting, validating (via openclaw CLI), baseline management, rollback, and sending SIGUSR1 to the gateway. The only network-facing behavior is sending alerts by invoking the local 'openclaw message send' CLI — the guardian itself does not open sockets or download code. Note: the package states "no network access" but also documents the gateway-based alert path; this is explained in the docs (guardian relies on gateway to perform network I/O).
Install Mechanism
There is no external download; install.sh copies the bundled script to /usr/local/bin, writes a systemd unit, creates backup dirs, and enables the service. No remote URLs, shorteners, or archive extraction are used.
Credentials
The skill requests no external credentials or env vars. It requires root access to read/write /root/.openclaw and to signal the gateway; that is proportionate to the described operations. It does call the openclaw CLI (assumes a deployed gateway), which is documented and checked by the installer.
Persistence & Privilege
Installs a systemd service and a binary under /usr/local/bin and runs as root — expected for a persistent filesystem/daemon guard. always:false and normal autonomous invocation are used. The skill does not alter other skills' configurations.
Assessment
This skill is internally consistent with its purpose, but read these points before installing: (1) It runs as root and writes/reads files under /root/.openclaw — ensure you trust the script and keep backups. (2) The guardian sends alerts by calling the local 'openclaw message send' command (itself responsible for any network deliveries); confirm your OpenClaw gateway and its configured channels (Discord ID, Telegram target) are trusted. (3) The installer enforces a self-checksum: when you update the guardian script you must recompute and store the SHA256 file or the service will refuse to start (fail-closed behavior). (4) Review the bundled openclaw-config-guardian.sh for any site-specific hardcoded IDs/paths you don’t want (the alert channel/target IDs are embedded). (5) Consider testing in a staging system first (ensure baseline.bak is valid before enabling the service) so you don’t accidentally lock production configs. If you want additional assurance, ask the author for signed releases or an independent code review of the script.

Like a lobster shell, security has layers — review code before you run it.

latestvk971wp1c491z3hq4apjvep8sdh83770r

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsinotifywait, jq, sha256sum

Comments