openclawselfguard

by aaronjager92 · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
Downloads: 104 · Stars: 0 · Active Installs: 0 · Versions: 2
Install in OpenClaw
/install openclaw-self-guard
Description
Monitors local OpenClaw version daily at 06:00 Beijing time against NVD and GitHub advisories, reporting found CVEs with remediation steps.
Usage Guidance
This skill appears to do what it says: detect the local OpenClaw version, query NVD and GitHub, and schedule daily checks. Before installing or running it:
  1. Inspect and (if desired) run the scripts manually to verify behavior (python3 scripts/get_version.py --json and python3 scripts/check_vulns.py --json).
  2. Review and approve the cron/job entry that setup_cron.sh will write to ~/.openclaw/cron/jobs.json (the script backs up the existing file).
  3. Do not pass a delivery channel to setup_cron.sh unless you trust the configured channel. By default it is console only; enabling a channel may cause the report (including local version info and any findings) to be sent externally.
  4. Be aware of bugs: fetch_github.py has a coding error (a use of the undefined name 'undefined' in params) and version-range checking in check_vulns.py is simplistic; these may make the tool fail or produce false negatives/positives.
If you want to use it, consider fixing those issues or running checks manually and verifying outputs before relying on the cron automation.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-self-guard
Version: 1.0.1
The skill is a security monitoring tool that checks for OpenClaw vulnerabilities using NVD and GitHub APIs. It performs high-risk actions including automated persistence by modifying the OpenClaw cron configuration (~/.openclaw/cron/jobs.json), executing local shell commands for version detection (openclaw --version), and making external network requests to services.nvd.nist.gov and api.github.com. While these capabilities are aligned with the stated purpose, the combination of automated system modification and logic flaws, such as a broken version comparison in check_vulns.py and a NameError (undefined variable) in fetch_github.py, warrants a suspicious classification under the provided criteria.
Capability Assessment
Purpose & Capability
Name/description state: daily checks of local OpenClaw against NVD and GitHub advisories. The repository includes scripts to detect local version, query NVD and GitHub, compare versions, format reports, and install a cron job — all consistent with the stated purpose.
Instruction Scope
SKILL.md and setup_cron.sh instruct the agent to auto-install a daily job that runs the supplied check_vulns.py script. The cron payload explicitly tells the agent to run python3 check_vulns.py --json and return either a full report (if vulnerabilities found) or a short success message. By default the delivery in the job is 'console only', but the job file supports configuring external delivery channels (feishu, telegram, etc.). This means the output could be sent externally if the user or the setup script is run with a channel argument — review jobs.json and chosen channel before enabling.
Install Mechanism
No remote install spec (instruction-only): low risk for remote code fetch. However, setup_cron.sh modifies user config under ~/.openclaw/cron/jobs.json and creates backups; installing the skill will therefore persist a scheduled job in the user's home config. That persistent change is expected for a monitoring skill but is a meaningful modification to user config and should be reviewed.
Credentials
The skill requests no environment variables or credentials. Network calls go to known public sources (nist.gov and api.github.com). The scripts read some local files/paths to detect OpenClaw (openclaw --version and a few package.json locations) which is appropriate for detecting a local version.
Persistence & Privilege
The skill installs a persistent daily job (cron-like) in ~/.openclaw which will cause repeated autonomous checks. always:false (not force-included). Autonomous invocation via the agent/job system is expected for this monitoring use case, but persistent scheduled runs increase the blast radius if the delivery channel is changed to an external recipient — verify delivery settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-self-guard
  3. After installation, invoke the skill by name or use /openclaw-self-guard
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Clarified and simplified data sources: now only NVD and GitHub Security Advisories are listed.
- Updated cron job section: clarified that delivery is console output by default, with instructions for customizing the output channel.
- Removed references to international/intelligence sources and CVE.org for improved accuracy.
- Updated features and usage documentation for clarity and conciseness.
- Updated requirements to include `lxml` in addition to `requests` and `beautifulsoup4`.
v1.0.0
Initial release of openclaw-self-guard, an automated security vulnerability monitor for OpenClaw.
- Automatically checks OpenClaw for CVEs via NVD, GitHub advisories, and international sources.
- Compares local version against known vulnerabilities and outputs detailed remediation steps if issues are detected.
- Runs silently if no vulnerabilities are found.
- Installs a daily cron job on setup (runs at 06:00 Beijing time).
- Provides manual check commands and clear output/report formats.
Metadata
Slug: openclaw-self-guard
Version: 1.0.1
License: MIT-0
All-time Installs: 0
Active Installs: 0
Total Versions: 2
Frequently Asked Questions

What is openclawselfguard?

Monitors local OpenClaw version daily at 06:00 Beijing time against NVD and GitHub advisories, reporting found CVEs with remediation steps. It is an AI Agent Skill for Claude Code / OpenClaw, with 104 downloads so far.

How do I install openclawselfguard?

Run "/install openclaw-self-guard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is openclawselfguard free?

Yes, openclawselfguard is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does openclawselfguard support?

openclawselfguard is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created openclawselfguard?

It is built and maintained by aaronjager92 (@aaronjager92); the current version is v1.0.1.
