Description

Check whether OpenClaw is listening beyond localhost or running with elevated privileges, then offer a conservative lockdown fix. 检查OpenClaw安全配置。

README (SKILL.md)

ClawGuard

Name: HostGuard
Author: tobewin

Security assistant for OpenClaw. Check whether the local OpenClaw service is reachable beyond localhost and whether it is running with elevated privileges.

Features

🔒 Network Binding Check: Detect if OpenClaw is exposed beyond localhost
🔐 Privilege Check: Detect if running with elevated privileges (root/admin)
📋 Configuration Analysis: Review host/port settings in env files
🔧 Conservative Fix: Offer safe lockdown recommendations

Trigger Conditions

"Check OpenClaw security" / "检查OpenClaw安全"
"Is OpenClaw exposed?" / "OpenClaw是否暴露?"
"Check if running as root" / "检查是否以root运行"
"Lockdown OpenClaw" / "锁定OpenClaw"
"claw-guard"

Quick Check Commands

Check Network Binding (macOS/Linux)

# Find OpenClaw process and check binding
PORT=${OPENCLAW_PORT:-18789}
echo "Checking port $PORT..."
lsof -i :$PORT -P -n 2>/dev/null | grep LISTEN || echo "No listener on port $PORT"

Check Privilege

# Check if running as root
if [ "$(id -u)" = "0" ]; then
  echo "⚠️ Running as root (elevated privileges)"
else
  echo "✅ Running as user $(whoami) (uid=$(id -u))"
fi

Check Configuration

# Check env files for HOST setting
for f in .env.local .env.development .env.production .env; do
  if [ -f "$f" ]; then
    HOST_VAL=$(grep -E "^(OPENCLAW_HOST|HOST)=" "$f" 2>/dev/null | cut -d= -f2)
    if [ -n "$HOST_VAL" ]; then
      echo "Found HOST=$HOST_VAL in $f"
    fi
  fi
done

Full Security Check

# Run all checks
echo "🛡️ ClawGuard Security Check"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━"

# 1. Check user
echo ""
echo "🔐 User/Privilege:"
if [ "$(id -u)" = "0" ]; then
  echo "  ⚠️ Running as root"
else
  echo "  ✅ Running as $(whoami) (uid=$(id -u))"
fi

# 2. Check port
PORT=${OPENCLAW_PORT:-18789}
echo ""
echo "🔌 Network Binding (port $PORT):"
LISTEN_INFO=$(lsof -i :$PORT -P -n 2>/dev/null | grep LISTEN)
if [ -n "$LISTEN_INFO" ]; then
  echo "  $LISTEN_INFO"
  if echo "$LISTEN_INFO" | grep -q "127.0.0.1"; then
    echo "  ✅ Loopback only (safe)"
  elif echo "$LISTEN_INFO" | grep -q "0.0.0.0\|::"; then
    echo "  ⚠️ Listening on all interfaces (may be exposed)"
  else
    echo "  ℹ️ Check binding manually"
  fi
else
  echo "  ℹ️ No listener detected"
fi

# 3. Check config
echo ""
echo "📋 Configuration:"
for f in .env.local .env.development .env.production .env; do
  if [ -f "$f" ]; then
    HOST_VAL=$(grep -E "^(OPENCLAW_HOST|HOST)=" "$f" 2>/dev/null | cut -d= -f2)
    if [ -n "$HOST_VAL" ]; then
      echo "  $f: HOST=$HOST_VAL"
    fi
  fi
done

echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━"

What to Check

1. Configuration Check

Read local env files in this order:

.env.local
.env.development
.env.production
.env

Look for:

OPENCLAW_HOST or HOST
OPENCLAW_PORT or PORT
Default port: 18789

2. Network Binding Check

Use system commands to check if the port is listening:

lsof -i :{port} (macOS/Linux)
netstat -tlnp | grep {port} (Linux)
netstat -ano | findstr :{port} (Windows)

Classify the binding:

loopback only (127.0.0.1, ::1) → ✅ Safe
wildcard (0.0.0.0, ::) → ⚠️ May be exposed
private network (10.x, 192.168.x) → ⚠️ Local network only
public address → ❌ Potentially exposed

3. Privilege Check

Check if running with elevated privileges:

Unix: Check if uid == 0 (root)
Windows: Check for Administrator group membership

Reporting Behavior

Distinguish runtime listener state from config file state
Do not claim definite public exposure based only on 0.0.0.0 or ::
Use wording like "may be reachable beyond localhost" unless you have stronger evidence
If no active listener is detected, say so explicitly
Elevated privileges are a warning, not proof of compromise

Fix Behavior

Never modify files without explicit user permission
Only offer a fix when an existing HOST or OPENCLAW_HOST entry is present
Before editing, create a .bak backup beside the file
Change only the host value to 127.0.0.1
Preserve comments and quoting where possible
If no existing host entry is found, explain that the active config source may be elsewhere

Example Report

🛡️ ClawGuard Security Report
━━━━━━━━━━━━━━━━━━━━━━━━━━━━

📋 Configuration
├─ Host: 127.0.0.1 (from .env)
├─ Port: 18789
└─ Status: ✅ Loopback only

🔌 Network Binding
├─ Listening: Yes
├─ Binding: 127.0.0.1:18789
└─ Assessment: ✅ Local only

🔐 Privileges
├─ User: bingo (uid=501)
└─ Status: ✅ Not elevated

━━━━━━━━━━━━━━━━━━━━━━━━━━━━
🎯 Conclusion: ✅ Secure configuration

Error Handling

No env file found     → "⚠️ No configuration file found"
Port not listening    → "ℹ️ No active listener detected"
Permission denied     → "❌ Cannot check privileges"
Command not available → "⚠️ Required tool not available"

Notes

This is a read-only security assessment tool
No files are modified without explicit permission
All checks are conservative and non-invasive
Use system tools (lsof, netstat, whoami) for detection

Usage Guidance

This skill is instruction-only and appears to do only local, read-only checks (and only modifies files if you explicitly permit it). Before installing: (1) note the registry/SKILL.md name & version mismatch (ClawGuard vs HostGuard) — verify you trust the publisher; (2) understand the agent will read local .env.* files (which can contain secrets) but only looks for host/port keys; (3) ensure you are comfortable with the agent running local commands (lsof/netstat/id/whoami) — you can run those same commands manually to compare results; (4) only grant explicit permission to modify files and confirm backups are created as promised. If you want higher assurance, ask the publisher for a signed release or source repository, or run the checks manually instead of letting the agent perform them autonomously.

Capability Analysis

Type: OpenClaw Skill Name: hostguard Version: 1.2.0 The 'hostguard' skill is a security auditing tool designed to check if the OpenClaw service is exposed to the network or running with root privileges. It uses standard system commands like lsof, id, and grep in SKILL.md to inspect local environment files and network listeners, and it explicitly requires user permission before suggesting any configuration changes.

Capability Assessment

ℹ Purpose & Capability

The SKILL.md describes checking OpenClaw network binding, privilege level, and local env files and offering conservative lockdown advice — which matches the stated purpose. Minor inconsistencies: the registry lists the skill as "HostGuard" / version 1.2.0 while the SKILL.md calls itself "ClawGuard" / version 1.1.0; this is likely a bookkeeping issue but worth noting.

ℹ Instruction Scope

Instructions are limited to running local diagnostic commands (lsof/netstat/id/whoami) and reading .env.* files for OPENCLAW_HOST/HOST and OPENCLAW_PORT/PORT. This is within scope for the stated checks. Caution: .env files can contain other secrets; the skill only greps for specific host/port keys, but a user should be aware the agent will read local config files.

✓ Install Mechanism

Instruction-only skill with no install spec and no code files — nothing is downloaded or written to disk by default, which minimizes installation risk.

✓ Credentials

The skill requests no environment variables or credentials. It references OPENCLAW_PORT if present (as an optional override) but does not require any secrets. The requested access to local .env files and system commands is appropriate for the stated checks.

✓ Persistence & Privilege

always:false and no install/daemon behavior. Model invocation is allowed (default) but that is normal for skills and not a concern here. The SKILL.md states it will not modify files without explicit user permission and will create .bak backups before editing, which is proportionate.

Version History

v1.2.0

v1.2.0: Added executable bash commands for quick security checks. Users can run commands directly from SKILL.md without separate code files.

v1.1.0

v1.1.0: Security hardening - removed all executable code files, pure instruction-based skill.

v1.0.0

Initial release of ClawGuard, a security assistant for OpenClaw. - Checks if the OpenClaw service is listening beyond localhost and/or running with elevated privileges. - Determines host and port configuration from prioritized environment files. - Detects current network bindings and classifies listener state conservatively. - Warns about elevated privilege use and possible network exposure without over-claiming risk. - Offers a lockdown fix to restrict the listener to localhost, only when appropriate and with user consent.

Metadata

Slug hostguard

Version 1.2.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 3

Frequently Asked Questions

What is HostGuard?

Check whether OpenClaw is listening beyond localhost or running with elevated privileges, then offer a conservative lockdown fix. 检查OpenClaw安全配置。 It is an AI Agent Skill for Claude Code / OpenClaw, with 350 downloads so far.

How do I install HostGuard?

Run "/install hostguard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is HostGuard free?

Yes, HostGuard is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does HostGuard support?

HostGuard is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created HostGuard?

It is built and maintained by ToBeWin (@tobewin); the current version is v1.2.0.

More Skills

HostGuard