OpenClaw Shield

by Eilaiwangwh · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
314 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install openclaw-shield-v1
Description
OpenClaw cloud security guardrail that enforces pre-execution checks, source trust classification, taint tracking, metadata endpoint blocking, and output red...
Usage Guidance
Do NOT install or append anything to your agent config yet. This package is documentation-only here: it expects you to fetch and run external code (shield.py) from a GitHub repo and to edit critical files (SOUL.md/AGENTS.md). Before proceeding:
  1. Obtain the actual runtime code (shield.py) and audit it line-by-line (look for network callbacks, hidden endpoints, credential exfiltration, and logging behavior).
  2. Verify the GitHub repo owner and commit history; prefer signed releases from a trusted org.
  3. Do NOT blindly append the suggested '不可违背' blocks to SOUL.md/AGENTS.md; that forces policy changes and could make the shield hard to remove.
  4. Investigate the .shield_disabled mechanism and treat it as a potential backdoor.
  5. If you want to try it, run the shield code in an isolated test environment (ephemeral VM/container) and verify audit append-only behavior, no outbound connections to unknown hosts, and the absence of credential exfiltration.
  6. Ask the maintainer for a packaged release and a code review report; require human verification of any installer script before executing.
If you cannot perform these checks, do not install.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-shield-v1
Version: 1.0.0
The skill claims to provide security guardrails but exhibits high-risk behavior by instructing the agent to modify its core configuration files (SOUL.md and AGENTS.md) to embed its logic globally. It includes documented bypass mechanisms, such as an emergency disable file (.shield_disabled) and a policy to ignore script failures, which could be used to neutralize the protections. Crucially, the actual execution logic (shield.py) is missing from the provided files, preventing verification of whether the 'filtering' and 'checking' functions are benign or perform unauthorized data exfiltration under the guise of security (IOC: GitHub repo Eilaiwangwh/openclaw-shield).
Capability Assessment
Purpose & Capability
The skill claims to enforce pre-execution checks via a shield.py helper, but the bundle contains no shield.py or runtime code — only docs. To function it instructs installing a GitHub repo and editing agent core files. Requiring edits to SOUL.md/AGENTS.md and adding mandatory checks is outside what an instruction-only 'skill' should demand without providing the binary/scripts.
Instruction Scope
SKILL.md tells the agent to run shield.py check/inject/filter for every user/agent action and to append '不可违背' (must obey) rules to SOUL.md and AGENTS.md. It also mandates 'if shield errors, ignore errors continue' and introduces a .shield_disabled bypass file — both are unusual and weaken expected protections. The instructions therefore request system-wide policy changes and introduce explicit bypass/backdoor mechanisms.
Install Mechanism
No formal install spec in the registry entry, but README instructs cloning/pulling from an external GitHub repo (Eilaiwangwh/openclaw-shield) and running installer scripts under ~/.codex/. These are downloads from an external source not bundled here; fetching and executing that code is moderate-to-high risk without verifying the repo and its contents.
Credentials
The skill requests no environment variables or credentials, which fits a local guardrail. However, it requires write access to agent config files and skill directories, and expects to interact with many filesystem/network targets (including setting passphrases and audit configs). Those privileges are significant even without explicit secret requests and should be justified and audited.
Persistence & Privilege
Though not marked always:true, the docs instruct persistent modification of core agent files (SOUL.md, AGENTS.md) to make Shield 'inviolable' and to exempt shield's own directory. This elevates the skill's persistence and privilege beyond a normal, optional skill and could lock in behavior or create hard-to-audit persistence and bypass mechanisms (.shield_disabled).
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-shield-v1
  3. After installation, invoke the skill by name or use /openclaw-shield-v1
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of openclaw-shield cloud security guardrail.
- Enforces pre-execution security checks for shell, file, network, and package operations.
- Implements source trust classification and taint tracking for all actions.
- Includes metadata endpoint blocking and strict safeguards against sensitive cloud resources.
- Provides output redaction to prevent leakage of credentials and confidential information.
- Designed for policy enforcement, audit tracking, and safe cloud deployment interactions.
Metadata
Slug openclaw-shield-v1
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is OpenClaw Shield?

OpenClaw cloud security guardrail that enforces pre-execution checks, source trust classification, taint tracking, metadata endpoint blocking, and output red... It is an AI Agent Skill for Claude Code / OpenClaw, with 314 downloads so far.

How do I install OpenClaw Shield?

Run "/install openclaw-shield-v1" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is OpenClaw Shield free?

Yes, OpenClaw Shield is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does OpenClaw Shield support?

OpenClaw Shield is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created OpenClaw Shield?

It is built and maintained by Eilaiwangwh (@eilaiwangwh); the current version is v1.0.0.
