← Back to Skills Marketplace
halfmoon82

Openclaw Guardian

by halfmoon82 · GitHub ↗ · v1.0.7 · MIT-0
cross-platform ⚠ suspicious
444
Downloads
0
Stars
2
Active Installs
8
Versions
Install in OpenClaw
/install openclaw-guardian-suite
Description
一键安装包含配置安全、容灾、监控和上下文优化的 OpenClaw 系统全链路守护套件。
Usage Guidance
This package is plausible for a commercial 'guardian' suite, but several behaviors merit caution: - Remote code fetch & exec: The installer contacts a payment server (default https://skill.socialmore.net), creates an order, then downloads an encrypted payload and decrypts/executes it locally. That means code from the vendor will run on your machine — only proceed if you trust the vendor and the server. - Watermark injection: The included watermark.py will recursively inject license headers into Python files under a target directory. This modifies your installed code permanently; back up repositories and virtualenvs first, and do not run as root. - Self-whitelisting: The 'skill-safe-install' component contains a hard-coded whitelist that treats this author's skills as trusted and can bypass normal review steps. That reduces independent auditing of this package and bundled skills. - Default external endpoints: patch_integration creates a compaction-proxy routes.json pointing to a third-party LLM endpoint template (llmapi.lovbrowser.com) and expects API keys. Review and control any externally configured endpoints. Recommendations before installing: 1) Request a vendor-signed release or inspect the remote payload behavior (what oc_execute_skill does after fetching) — ideally get the plaintext code or a reproducible build. 2) Run the installer in an isolated environment (VM / disposable container) first to observe network calls and filesystem changes. 3) Back up ~/.openclaw and any code you care about; avoid running as root. 4) Verify the payment/oc-pay-server domain and SSL certs; prefer explicit OC_PAY_SERVER values you control. 5) If you require stricter audit, refuse auto-whitelisting and insist the package remove or document the whitelist mechanism. Given the mix of plausible commercial intentions and several risky implementation choices (remote exec, persistent watermarking, self-whitelist), treat this skill as suspicious until the vendor or maintainer supplies stronger transparency and assurances.
Capability Analysis
Type: OpenClaw Skill Name: openclaw-guardian-suite Version: 1.0.7 The bundle implements a commercial licensing and delivery mechanism in 'lib/sdk/auth.sh' that utilizes a high-risk execution pattern: it fetches encrypted payloads from a remote server (https://skill.socialmore.net) and pipes them directly into a bash shell via openssl decryption. Furthermore, 'lib/skills/skill-safe-install/SKILL.md' contains instructions designed to influence the AI agent's behavior, specifically directing it to bypass security inspections and risk assessments for any skills authored by 'halfmoon82'. While these behaviors are framed as part of a commercial 'Guardian Suite,' the combination of remote code execution (RCE) by design and explicit instructions to ignore security protocols for specific developers creates a significant attack surface and potential for unauthorized system modification.
Capability Assessment
Purpose & Capability
The skill claims to be a paid guardian bundle (configuration safety, rollback, monitoring, context proxy). Many artifacts align with that purpose (config validators, rollback, fswatch, health audit). However metadata and runtime files diverge: registry metadata declares no required env vars/binaries while _meta.json and scripts expect python3, curl, openssl and an OC_PAY_SERVER endpoint. Requiring a payment/license verification server and remote skill fetch is explainable for a commercial bundle, but the metadata omission (no required envs) is inconsistent and unusual.
Instruction Scope
SKILL.md directs users to run the bundled install.sh which sources lib/sdk/auth.sh. auth.sh contacts an external OC_PAY_SERVER to verify/create orders, then oc_execute_skill fetches an encrypted payload from that server and (via openssl) will decrypt/execute it in memory. The package also includes scripts that create/modify ~/.openclaw/* files, write a compaction-proxy routes.json with a third-party LLM endpoint template, and a watermark tool that will recursively modify Python files to insert licensed-to headers. Additionally, the included skill-safe-install contains a built-in whitelist that explicitly exempts this author's skills (including openclaw-guardian) from full review — effectively bypassing the normal safety review for the package itself. These are broad, persistent actions beyond simple installation and should be reviewed carefully.
Install Mechanism
There is no formal install spec, but install.sh uses a bundled oc-pay-sdk to contact a remote server (default https://skill.socialmore.net) and then fetch encrypted skill contents for local execution. Remote fetch-and-execute of decrypted payloads (even in-memory) is high-risk because it runs code from an external server. The included files are local, but the runtime behavior depends on network downloads and openssl decryption — a privileged execution path that's disproportionate if you expect only local configuration tooling.
Credentials
Registry-level 'required env vars' were empty, but the installer expects environment inputs at runtime (OC_PAY_SERVER may be set by the user; OC_ACCEPT_TERMS must be yes to proceed) and uses system identity (user@hostname) to form an identifier. The bundle also writes a routes.json template that expects an external API key. While payment flows commonly require a server endpoint, the mismatch between declared requirements and actual env/use of external endpoints is inconsistent. No explicit secret env variables are declared, but the package will handle license tokens and requests to external services — a reasonable need for a paid product, but still sensitive.
Persistence & Privilege
The installer and helper scripts create and modify persistent files under the user's home (~/.openclaw), create backups, symlinks into .lib, and the watermark tool will modify arbitrary installed Python files under a target directory. The skill also embeds a whitelist mechanism that exempts its own author/skills from review. These actions create durable changes to the system and reduce future scrutiny, which increases risk.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-guardian-suite
  3. After installation, invoke the skill by name or use /openclaw-guardian-suite
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.7
- Removed multiple legacy and auxiliary skill components, including compaction-proxy, config-modification, config-preflight-validator, gateway-auto-rollback, model-failover-doctor, openclaw-health-audit, and skill-safe-install. - Updated configuration and install scripts to reflect a streamlined skill set. - Documentation (SKILL.md) remains unchanged.
v1.0.6
No changes detected in this version. - No updates or modifications were made to the skill files.
v1.0.5
- Updated skill configuration in clawhub.yaml; no changes to documentation or feature behavior.
v1.0.4
- Added 13 new source and script files, introducing features for config modification, compaction proxy, and enhanced health audit. - Updated documentation and skill metadata in SKILL.md files. - Enhanced authentication and configuration preflight validation scripts. - Improved model failover and gateway rollback logic. - Introduced watermark and monitoring utilities for better system oversight.
v1.0.3
v1.0.3: 修复新用户环境 oc-pay-sdk 缺失问题,将 auth.sh 随包分发至 lib/sdk/
v1.0.2
- Updated metadata files for improved configuration and compatibility. - No changes to user-facing documentation or features.
v1.0.1
Payment gating fix: sub-skill stubs + price field; skill-safe-install v2.2.0 whitelist
v1.0.0
初版 OpenClaw 全能守护包,含7个系统守护技能 + IP保护 + 用户水印
Metadata
Slug openclaw-guardian-suite
Version 1.0.7
License MIT-0
All-time Installs 2
Active Installs 2
Total Versions 8
Frequently Asked Questions

What is Openclaw Guardian?

一键安装包含配置安全、容灾、监控和上下文优化的 OpenClaw 系统全链路守护套件。 It is an AI Agent Skill for Claude Code / OpenClaw, with 444 downloads so far.

How do I install Openclaw Guardian?

Run "/install openclaw-guardian-suite" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Openclaw Guardian free?

Yes, Openclaw Guardian is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Openclaw Guardian support?

Openclaw Guardian is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Openclaw Guardian?

It is built and maintained by halfmoon82 (@halfmoon82); the current version is v1.0.7.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments