Identity Guard
ReviewAudited by ClawScan on May 10, 2026.
Overview
Identity Guard is a coherent privacy-protection skill, but its authorization check can approve a sender across any channel when channel data is omitted, so it should be reviewed before use.
Install only if you are comfortable maintaining an identities.json allowlist. Before using it in groups, initialize the intended master in a private session, require channel-aware checks, avoid broad global allowlists, and treat sender IDs as private identifiers.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user authorized in one channel, or an ID collision across channels, could be treated as authorized somewhere else if the agent does not pass the channel.
For a guard intended to protect sensitive information in multi-user sessions, allowing authorization to fall back to any configured channel broadens the permission boundary when channel metadata is missing or omitted.
If channel is not provided, the script will check if the sender is authorized in ANY channel.
Require both trusted sender_id and trusted channel for sensitive checks, fail closed when channel is missing, and reserve global allowlist behavior for explicit administrator choice.
If the bot is exposed before the intended owner initializes it, the first eligible DM setup could claim the master role.
The skill can persistently set the initial master identity through chat. This is disclosed and bounded to first-time DM setup, but it determines future access control.
The assistant may initialize identities.json via chat only if: No master_id is configured for the channel yet, and The request comes from a DM...
Initialize the guard in a controlled private session before deployment, review identities.json, and restrict who can modify the file.
The agent may rely on a local script result to allow or deny sensitive requests.
The skill asks the agent to run a local shell helper for authorization decisions. This is central to the stated purpose and scoped to the bundled script.
Execute the verification script: ./scripts/guard.sh <sender_id> [channel]
Use the bundled script path, review identities.json before relying on it, and avoid letting untrusted users choose arbitrary script paths or arguments.
Setup or helper commands may fail unexpectedly on systems without the required local tools.
The registry metadata declares no required binaries, but this bundled helper requires rg. This is a dependency declaration gap rather than evidence of hidden installation.
echo "ripgrep (rg) is required for whoami.sh"
Declare optional helper dependencies such as rg and python3 in metadata or document clearly which features need them.
Running the helper against shared or broad session logs could reveal a sender ID that should not be posted publicly.
The whoami helper searches local OpenClaw session logs to find sender_id values. It outputs only the matched ID, but session-derived identifiers are sensitive.
SESSIONS_DIR="${HOME}/.openclaw/agents/${AGENT_ID}/sessions"Prefer current message metadata for whoami, run the helper locally or in DM, and avoid sharing sender IDs in group chats.