Openclaw Shield 1.0.3

# OpenClaw Shield

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "Openclaw Shield 1.0.3" with this command: npx skills add kenswj/openclaw-shield-1-0-3

OpenClaw Shield

Enterprise security scanner for AI agents. Detects credential theft, data exfiltration, and malicious code with static analysis + runtime guards + ClamAV integration. Audit logging and tamper-evident reports.

When to use: Security scanning, threat detection, code auditing, runtime protection for AI agents

What to know:

Repository: https://github.com/pfaria32/OpenClaw-Shield-Security

Features

Static Scanner

  • Detects credential theft, data exfiltration, destructive operations
  • Pattern-based analysis (no external dependencies)
  • Python stdlib only (zero supply chain risk)
  • Pre-execution scanning

Runtime Guard

  • File/network/exec allowlists
  • Output sanitization
  • Policy enforcement
  • Real-time protection

Integration

  • ClamAV integration (3.6M virus signatures)
  • Telegram alerting on critical findings
  • Hash-chained audit logging
  • Tamper-evident security logs

Installation

cd /home/node/.openclaw/workspace
git clone https://github.com/pfaria32/OpenClaw-Shield-Security.git projects/OpenClaw-Shield

# Test the scanner
python3 projects/OpenClaw-Shield/src/scanner.py /path/to/scan

# Deploy (see repository README for full setup)

Usage

Manual Scan

python3 projects/OpenClaw-Shield/src/scanner.py workspace --output shield-report.json

Daily Automated Scans

Set up cron job (see repository deployment guide):

# Daily at 3 AM UTC
0 3 * * * /path/to/scan-script.sh

Runtime Guard (Optional)

Configure allowlists and enable runtime protection (see deployment/openclaw-config.py in repo).

Status

Deployed on this instance (clawdbot-toronto)

  • Daily scans: 3:00 AM UTC
  • ClamAV: Active (host-level)
  • Runtime guard: Prepared (not enabled by default)

Attribution

Inspired by: Resonant by Manolo Remiddi
Source: https://github.com/ManoloRemiddi/resonantos-open-system-toolkit/blob/main/BUILD_YOUR_OWN_SHIELD.md

Built on the principle: "Don't trust, verify."

Documentation

Full docs, threat model, and deployment guide in repository README.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

Code Review Inspector

Automated code review checking for bugs, security issues, best practices, performance problems, and code style

Registry SourceRecently Updated
330michaelatamuk
Security

agent-bom runtime

AI runtime security monitoring — context graph analysis, runtime audit log correlation with CVE findings, and vulnerability analytics queries. Use when the u...

Registry SourceRecently Updated
7870msaad00
Security

agent-bom scan

Open security scanner for agentic infrastructure — agents, MCP, packages, blast radius, runtime, and trust for package CVEs (OSV, NVD, EPSS, KEV), container...

Registry SourceRecently Updated
7740msaad00
Security

agent-bom vulnerability intel

Use agent-bom to check package, SBOM, inventory, and agent dependency exposure against OSV, GitHub Security Advisories, NVD, EPSS, and CISA KEV with explicit...

Registry SourceRecently Updated
300msaad00