← Back to Skills Marketplace
1296
Downloads
0
Stars
1
Active Installs
2
Versions
Install in OpenClaw
/install openclaw-warden-pro
Description
Full workspace security suite: detect unauthorized modifications, scan for prompt injection patterns, and automatically respond with countermeasures — snapshot restore, skill quarantine, git rollback, and automated protection sweeps. The complete post-installation security layer for agent workspaces.
Usage Guidance
This skill appears to do what it says: it scans the workspace and can automatically restore files, rename skill directories to quarantine them, and run git rollbacks. Before installing or enabling automatic hooks, do the following: 1) Review the full integrity.py script locally to confirm there are no unexpected network calls or hidden behavior (the provided code appears local only). 2) Ensure you have backups of your workspace (and your git history) — 'protect' may restore or roll back files automatically. 3) Install and verify git is available if you plan to use rollback; the registry entry doesn't list git as a required binary but the feature expects a git repo. 4) Test the tool in a disposable test workspace to observe how snapshots are stored (it uses .integrity/snapshots) and how quarantine renames skill directories (prefix .quarantined-). 5) Be cautious about adding the SessionStart hook or heartbeat automation until you trust the baseline/snapshot state — automatic runs can be disruptive. If you want minimal risk, run the detection commands manually rather than wiring 'protect' to automatic startup.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-warden-pro
Version: 1.0.1
The OpenClaw Warden Pro skill is a security suite designed to detect and respond to unauthorized modifications and prompt injection patterns within an agent's workspace. All code and documentation align with this stated purpose. The skill uses standard Python libraries, performs local file system operations (copy, rename), and executes local `git` commands via `subprocess` for its 'rollback' and 'protect' countermeasures. While these actions involve powerful capabilities, they are directly necessary for the skill's defensive functions (snapshot restore, skill quarantine, git rollback) and are not used for exfiltration, unauthorized remote control, persistence, or any other malicious intent. The skill explicitly states it has no external dependencies, no `pip install`, and no network calls, which is confirmed by the code. The prompt injection patterns listed are for *detection*, not for malicious instruction.
Capability Assessment
Purpose & Capability
The name/description (workspace integrity + automated countermeasures) align with the provided script and commands (baseline, verify, protect, restore, quarantine, rollback). The declared runtime requirement is only python3, which fits the shipped Python script. Minor discrepancy: the SKILL.md and README advertise a 'git rollback' feature but the registry metadata does not declare 'git' as a required binary; the script likely invokes git or expects a git repo, so git should be present but is not listed.
Instruction Scope
SKILL.md explicitly instructs the agent to run local commands that scan the workspace and perform automated countermeasures (restore snapshots, rename skill directories to quarantine, run git rollbacks). These actions are within the declared purpose but are destructive/potentially disruptive if run without review. The SKILL.md also recommends adding an automatic SessionStart hook to run 'protect' at startup — this elevates the chance of automatic file modification. The pre-scan injection pattern ('ignore previous instructions') appears in the doc because the tool enumerates prompt-injection patterns to detect; this is expected for a security scanner.
Install Mechanism
No install spec — instruction-only + included Python script. Nothing is downloaded or executed from external URLs during installation. This is the lower-risk install model. The script writes snapshots into a .integrity directory within the workspace when baseline is taken (expected behavior).
Credentials
The skill requests no credentials or environment variables in the registry metadata. It uses OPENCLAW_WORKSPACE (documented) and the current working directory as workspace discovery mechanisms — both are reasonable for its function. No external API keys or unrelated secrets are requested.
Persistence & Privilege
always:false (good). The skill is user-invocable and allows autonomous invocation (default platform behavior). The SKILL.md recommends adding a SessionStart hook to run 'protect' automatically; enabling this gives the skill the ability to autonomously modify workspace files each session (restore, quarantine, rollback). This is coherent with the advertised 'Pro' behavior but is a high-privilege, potentially destructive operational mode that a user should opt into deliberately.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-warden-pro - After installation, invoke the skill by name or use
/openclaw-warden-pro - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Re-publish with proper metadata
v1.0.0
Initial release of openclaw-warden-pro, the complete security layer for agent workspaces.
- Adds automated threat response: restore, rollback, quarantine, and protection sweeps, enhancing detection-only free version.
- Includes commands to restore files from snapshots or git history, quarantine/unquarantine skills, and perform automated protection passes.
- Monitors critical, config, memory, and skill-related files for unauthorized changes with alerts.
- Fully local: uses only the Python3 standard library, no external dependencies or network.
- Cross-platform support for Darwin, Linux, and Windows; compatible with OpenClaw and other agent platforms.
Metadata
Frequently Asked Questions
What is OpenClaw Warden Pro?
Full workspace security suite: detect unauthorized modifications, scan for prompt injection patterns, and automatically respond with countermeasures — snapshot restore, skill quarantine, git rollback, and automated protection sweeps. The complete post-installation security layer for agent workspaces. It is an AI Agent Skill for Claude Code / OpenClaw, with 1296 downloads so far.
How do I install OpenClaw Warden Pro?
Run "/install openclaw-warden-pro" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OpenClaw Warden Pro free?
Yes, OpenClaw Warden Pro is completely free (open-source). You can download, install and use it at no cost.
Which platforms does OpenClaw Warden Pro support?
OpenClaw Warden Pro is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, win32).
Who created OpenClaw Warden Pro?
It is built and maintained by AtlasPA (@atlaspa); the current version is v1.0.1.
More Skills