Security-Shield
PassAudited by ClawScan on May 10, 2026.
Overview
This is an instruction-only security guidance skill with no code or credential access; the main things to notice are documented exception modes and logging/admin claims that should not be treated as enforced controls without separate verification.
This skill appears safe as a defensive, instruction-only security reference. Before installing, verify the package name/slug, do not rely on its claimed logging or suspension features unless your OpenClaw platform actually provides them, and ensure testing or educational prefixes never authorize disclosure of real credentials, private configuration, or system instructions.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or attacker could try to frame a request as testing or education to seek more detail than usual.
The skill documents user-supplied prefixes that change how security guidance is handled. This is purpose-aligned for educational/testing workflows, but prefixes alone should not be treated as authorization to reveal secrets or internal configuration.
Recognizes explicit "TESTING:" and "EDUCATIONAL:" prefixes - Allows controlled disclosure in sandboxed environments
Keep credential, system-prompt, and private-configuration protections active even in testing or educational modes; require explicit trusted approval for any real exception.
If logging is enabled elsewhere, sensitive prompts or exception details could be retained longer than expected.
Security event logs may persist sensitive request context. The package is instruction-only and does not show an implementation, redaction rules, retention policy, or exact fields logged.
All security events are logged for review: ```bash ~/.openclaw/logs/security-shield.log ```
Verify whether logging actually exists in your OpenClaw environment, and configure redaction, access controls, and retention before relying on or enabling detailed logs.
Users could overestimate the skill's ability to audit or control exceptions.
The documentation advertises audit logging and administrative suspension controls, but the supplied artifacts contain no code or install spec implementing those features. This is not evidence of malicious behavior, but users should not assume these controls are enforced by this package alone.
Detailed logging of all exceptions for security review ... clawhub security suspend --duration 30m --reason "debugging"
Treat these as documentation claims unless independently supported by the OpenClaw platform or another installed component.
Following the documentation literally could lead a user to install or update a differently named package.
The documented install command uses security-shield-enhanced, while the evaluated registry slug is security-shield. This naming mismatch could confuse users about which package they are installing.
"command": "clawhub install security-shield-enhanced"
Install using the registry entry you intended to review, and verify the package slug, owner, and version before installation.