openclaw-security-guard

This skill should be used when the user asks to harden agent workflows, audit prompts/commands/URLs/paths, scan a third-party skill before install or publish, review a skill folder for secrets or unsafe scripts, or add a lightweight local security guard before OpenClaw publishing and automation.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Install skill "openclaw-security-guard" with this command: npx skills add x-rayluan/clawlite-openclaw-security-guard

OpenClaw Security Guard

Use this skill to run fast local security checks before trusting or publishing automation.

What this skill is for

Run this skill when you need to:

  • scan suspicious text for prompt injection / secret leakage patterns
  • validate shell commands before automation or publishing
  • validate URLs for SSRF / localhost / metadata access risks
  • validate file paths for traversal / sensitive file access
  • audit a skill folder for dangerous scripts, hardcoded secrets, exfiltration patterns, or unsafe install/publish flows
  • add a lightweight self-defense layer before using external skills

Workflow

  1. Choose the narrowest check needed.
  2. Run one of the bundled scripts.
  3. Treat BLOCK as stop-work until reviewed.
  4. Treat WARN as requiring human review or a narrower sandbox.
  5. For skill audits, review the flagged file lines before install/publish.

Bundled scripts

1) Quick text / command / URL / path checks

node {baseDir}/scripts/security-check.mjs text "<content>"
node {baseDir}/scripts/security-check.mjs command "<shell command>"
node {baseDir}/scripts/security-check.mjs url "<url>"
node {baseDir}/scripts/security-check.mjs path "<path>"

2) Skill / folder audit

node {baseDir}/scripts/audit-skill-dir.mjs /absolute/or/relative/path/to/skill

3) Write audit into Obsidian vault

node {baseDir}/scripts/write-obsidian-audit.mjs /tmp/audit.json "Skill Audit - my-skill"

This writes a markdown audit note into the ClawLite Obsidian vault under Security Audits/.

4) Install lightweight local hook wrapper

bash {baseDir}/scripts/install-hooks.sh

This installs a reusable workspace script for prepublish checks.

This audits for:

  • hardcoded secrets / tokens
  • curl|bash / wget|sh installers
  • destructive shell patterns
  • risky exfiltration / webhook / netcat usage
  • suspicious file targets like ~/.ssh, /etc/passwd, .env, id_rsa

Verdicts

  • ALLOW — no high-risk pattern found in this lightweight pass
  • WARN — review manually before proceeding
  • BLOCK — do not trust / run / publish until reviewed

Important limits

  • This is a lightweight guard, not a full sandbox.
  • Regex-based detection catches common dangerous patterns, not all attacks.
  • A clean result does not prove safety.
  • For high-risk code, still prefer human review and runtime isolation.
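
The URL check and the three verdicts described above can be sketched as follows. This is an added example, not the skill's own security-check.mjs; the function names, the sample URLs and the mapping of each finding to a verdict are assumptions made for illustration.

```javascript
// Added example: NOT the skill's security-check.mjs. Names and verdict mapping are assumptions.
const SAMPLE_URLS = [ // constructed inputs
  'https://example.com/docs',
  'http://10.0.0.5/admin',
  'http://169.254.169.254/latest/meta-data/',
  'http://[::1]:8080/',
  'file:///etc/passwd',
];

// Return a risk label for a dotted-quad IPv4 host, or null if public / not IPv4.
function ipv4Risk(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const a = Number(m[1]), b = Number(m[2]);
  if (a === 127 || a === 0) return 'loopback';
  if (a === 169 && b === 254) return 'link-local/metadata';
  if (a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168)) return 'private';
  return null;
}

// Classify one URL string as ALLOW / WARN / BLOCK with a short reason.
function checkUrl(input) {
  let url;
  try {
    url = new URL(input);
  } catch {
    return { verdict: 'BLOCK', reason: 'unparseable URL' };
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { verdict: 'BLOCK', reason: `non-web scheme ${url.protocol}` };
  }
  // The WHATWG parser lowercases the host and rewrites hex/octal/integer IPv4
  // spellings to dotted-quad, so the checks below see one canonical form.
  const host = url.hostname.replace(/\.$/, '');
  if (host === 'localhost' || host.endsWith('.localhost') || host === '[::1]') {
    return { verdict: 'BLOCK', reason: 'loopback host' };
  }
  const risk = ipv4Risk(host);
  if (risk && risk !== 'private') return { verdict: 'BLOCK', reason: `${risk} address` };
  if (risk === 'private' || host.startsWith('[')) {
    return { verdict: 'WARN', reason: 'internal or IPv6 literal address, review' };
  }
  if (url.username || url.password) {
    return { verdict: 'WARN', reason: 'credentials embedded in URL' };
  }
  return { verdict: 'ALLOW', reason: 'no high-risk pattern in this pass' };
}

for (const u of SAMPLE_URLS) console.log(checkUrl(u).verdict.padEnd(5), u);
```

The sketch inspects only the literal host and does no DNS resolution or redirect following, so its ALLOW carries the same limit stated above: a clean result does not prove safety.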

Publishing / install guard

Before publishing or installing a skill from GitHub / ClawHub:

  1. run audit-skill-dir.mjs
  2. inspect every WARN / BLOCK
  3. only proceed when the remaining risk is understood

References

If you need the audit categories / philosophy, read:

  • {baseDir}/references/checklist.md

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
