← Back to Skills Marketplace
miloudbelarebia

Openclaw Security Guard

by miloudbelarebia · GitHub ↗ · v1.0.0
macoslinuxwindows ✓ Security Clean
1387
Downloads
0
Stars
10
Active Installs
1
Versions
Install in OpenClaw
/install openclaw-security-guard
Description
Security audit CLI + live dashboard for OpenClaw. Scans for secrets, config issues, prompt injections, vulnerable dependencies, and unverified MCP servers. Zero telemetry.
Usage Guidance
This package appears coherent for a local OpenClaw security scanner, but take these precautionary steps before installing or running with --auto: - Verify the npm package and repository: confirm the package on npm matches the GitHub repo referenced in SKILL.md and check the package author/publisher identity. - Grep the source for outbound network calls (http, https, ws, fetch, axios, net.connect) to confirm 'zero telemetry' — focus on dashboard/server.js, monitors/*, and helpers for any external endpoints or hosts. - Review code paths that modify configuration (auto-hardener, fix command) and test fix --dry-run first; ensure backups are created in a location you control. - Inspect where dashboard credentials are stored (~/.openclaw-security-guard/auth.json is mentioned) and secure or delete that file as needed. - Prefer running via npx or in an isolated/sandbox environment initially rather than global install. If you want, I can (1) point to specific files to grep for outbound connections or secrets exfiltration patterns, or (2) run a quick static checklist of the top files (dashboard/server.js, monitors/*, auto-hardener.js) and list lines that look like external network usage. Confidence is medium because the package includes full source (which helps) but registry/source metadata had a small mismatch and claims like 'zero telemetry' should be verified by code inspection.
Capability Analysis
Type: OpenClaw Skill Name: openclaw-security-guard Version: 1.0.0 The OpenClaw Security Guard skill bundle is a security tool designed to audit, monitor, and harden OpenClaw installations. The code and documentation consistently emphasize privacy, local operation, and the absence of telemetry. Key security features include robust input validation using Zod, path sanitization to prevent traversal attacks, strong password hashing (PBKDF2, SHA-512) for the local dashboard, and explicit binding of the dashboard to localhost (127.0.0.1) to prevent external access. The tool performs local file system operations (reading/writing OpenClaw configuration, creating git pre-commit hooks) as part of its stated purpose, with safeguards like backups and direct programmatic file/permission modifications (e.g., `fs.chmod`) instead of shell execution. There is no evidence of data exfiltration, malicious execution, persistence mechanisms beyond intended git hooks, or prompt injection attempts against the AI agent itself. The skill is a legitimate security utility.
Capability Assessment
Purpose & Capability
Name/description match the delivered pieces: a Node.js npm package that exposes CLI binaries and implements secrets/config/prompt-injection/dependency/MCP-server scanners and a local dashboard. Required binary (node) and the npm install are proportionate to the stated purpose. The publish metadata omission of a source/homepage in the registry (but SKILL.md includes a GitHub URL) is a small inconsistency worth verifying.
Instruction Scope
SKILL.md instructs the tool to scan the user's OpenClaw install (default paths like ~/.openclaw), run an optional auto-fix that edits configuration, and open a localhost dashboard. Those actions are expected for a security auditor. Note: auto-fix modifies user files (claims to backup first) — this is expected but the user should confirm backups and review proposed fixes before running --auto. The docs include example malicious prompt strings (used to demonstrate the prompt-injection detector); that's why prompt-injection patterns appear in the docs.
Install Mechanism
Install uses an npm package (openclaw-security-guard) which is appropriate for a Node.js CLI. npm install is a standard distribution method; npm packages carry typical supply-chain risk, so verify package provenance and version before installing globally.
Credentials
The skill declares no required environment variables or credentials. Documentation references optional env vars (OPENCLAW_HOME, OPENCLAW_GUARD_CONFIG), which is reasonable for a local scanner. No unexplained credential or system-wide config access is requested in metadata or SKILL.md.
Persistence & Privilege
always is false and model invocation is default — normal. The package runs as a CLI and dashboard service and can modify OpenClaw config when asked (auto-hardening). It does not request unwarranted system-wide privileges or attempt to persist across unrelated skills. Verify where the dashboard auth file is stored (docs mention ~/.openclaw-security-guard/auth.json) if you are concerned about local persistence.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-security-guard
  3. After installation, invoke the skill by name or use /openclaw-security-guard
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of openclaw-security-guard. - Provides a CLI and live dashboard to audit OpenClaw setups for secrets, config issues, prompt injections, vulnerable dependencies, and unverified MCP servers. - Features include automated fixes, a real-time dashboard, security scoring, pre-commit hooks, and multi-language support. - All security checks run locally with zero telemetry.
Metadata
Slug openclaw-security-guard
Version 1.0.0
License
All-time Installs 11
Active Installs 10
Total Versions 1
Frequently Asked Questions

What is Openclaw Security Guard?

Security audit CLI + live dashboard for OpenClaw. Scans for secrets, config issues, prompt injections, vulnerable dependencies, and unverified MCP servers. Zero telemetry. It is an AI Agent Skill for Claude Code / OpenClaw, with 1387 downloads so far.

How do I install Openclaw Security Guard?

Run "/install openclaw-security-guard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Openclaw Security Guard free?

Yes, Openclaw Security Guard is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Openclaw Security Guard support?

Openclaw Security Guard is cross-platform and runs anywhere OpenClaw / Claude Code is available (macos, linux, windows).

Who created Openclaw Security Guard?

It is built and maintained by miloudbelarebia (@miloudbelarebia); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments