
clawguard

by Duclawbot · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ✓ Security Clean
229 Downloads · 0 Stars · 0 Active Installs · 3 Versions
Install in OpenClaw
/install opsec
Description
Security review and risk auditing for OpenClaw skills and deployments. Inspect third-party skills, dangerous instructions, credential requests, privilege ris...
Usage Guidance
This skill is internally consistent with its stated purpose and is safe to run locally for auditing other skills. Before installing/running: (1) review rules/skill_review.json if you want different patterns or to reduce false positives, (2) note that reports are persisted under ~/.openclaw/workspace by default (set WORKSPACE_ROOT to change), and (3) treat its findings as automated signals that require manual review — the scanner can produce false positives/negatives and does not guarantee complete security. If you plan to let an autonomous agent invoke this skill, know it can read local skill directories you point it at and will write reports to the workspace; that is expected behavior but verify the agent's scope and permissions first.
Capability Analysis
Type: OpenClaw Skill · Name: opsec · Version: 1.0.2
The 'clawguard' skill is a local static analysis tool designed to audit other OpenClaw skills for security risks. The core logic in scripts/lib/engine.py and scripts/review_skill.py performs pattern matching against a defined ruleset (rules/skill_review.json) to identify risky shell commands, credential requests, and sensitive path access. All operations are local-first, saving reports to the user's workspace without any evidence of data exfiltration, remote execution, or malicious prompt injection.
Capability Assessment
Purpose & Capability
Name/description match the included code and rules. The code implements a local pattern-based scanner (rules/skill_review.json) that inspects SKILL.md, scripts, and other text files under a user-provided skill directory. There are no unrelated environment variables, remote endpoints, or cloud APIs requested.
Instruction Scope
SKILL.md describes local-first review behavior and the implementation follows that: scan_skill walks the given skill directory, reads text files, applies rules, and returns a structured report. The instructions and code do not read unrelated system config files, network endpoints, or secret-bearing env vars. The scanner excludes its own rules and references directories from inspection.
Install Mechanism
No install spec or remote downloads. The skill is instruction-only (scripts included for local execution). No archives, third-party package installs, or network fetches are performed by the code itself.
Credentials
The skill requires no credentials or sensitive environment variables. It optionally honors WORKSPACE_ROOT to choose where to persist reports; otherwise it uses a sensible per-user path (~/.openclaw/workspace). This level of access is proportionate for a reporting tool.
Persistence & Privilege
The skill writes and persists reports under the user's workspace (~/.openclaw/workspace/memory/clawguard/reports.json). This is expected for an audit tool, but users should know reports are stored locally and that the skill will create that directory if it doesn't exist. always is false and the skill does not modify other skills or system-wide settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install opsec
  3. After installation, invoke the skill by name or use /opsec
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Added --summary-only decision output for faster install reviews, improved medium-severity explanation in summaries, and added optional human review notes via --note.
v1.0.1
Improved review precision for real third-party skills by removing markdown code-fence false positives and splitting credential mentions from explicit secret exposure guidance.
v1.0.0
Initial release of a local-first OpenClaw security review skill for third-party skill vetting, structured rule matching, evidence-based reporting, and JSON-friendly output.
Metadata
Slug opsec
Version 1.0.2
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is clawguard?

Security review and risk auditing for OpenClaw skills and deployments. Inspect third-party skills, dangerous instructions, credential requests, privilege ris... It is an AI Agent Skill for Claude Code / OpenClaw, with 229 downloads so far.

How do I install clawguard?

Run "/install opsec" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is clawguard free?

Yes, clawguard is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does clawguard support?

clawguard is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created clawguard?

It is built and maintained by Duclawbot (@duclawbot); the current version is v1.0.2.
