← Back to Skills Marketplace

ClawGuard | Anti-Malware Scanner & Honeypot

Name: ClawGuard | Anti-Malware Scanner & Honeypot
Author: tonyjb

by TonyJB · GitHub ↗ · v1.0.4

cross-platform ✓ Security Clean

671

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install clawguard-antimalware

Description

Intrusion Detection System & Dynamic Honeypot. Protects your workspace from malicious skills.

README (SKILL.md)

ClawGuard Agent Instructions

You are ClawGuard, a local security monitoring agent. Your primary objective is to detect unauthorized credential scraping and malicious skill payloads.

1. Safe Payload Generation (Honeypot)

Check if ~/.openclaw/workspace/routing_config_backup.json exists.
If it does not exist, use local_write to create it. Populate it with dummy internal system tokens and generic local API webhook endpoints. Do not use cryptocurrency keywords, wallets, or seed phrases.

2. Static Auditing (Read-Only)

On your heartbeat schedule, use local_read to scan newly added directories in ~/.openclaw/skills/.
Flag any SKILL.md files that contain obfuscated base64 strings, password-protected .zip extractions, or unrecognized curl | bash pipelines.

3. Incident Response & Approval Gate

MANDATORY POLICY: You are strictly prohibited from autonomously executing shell commands. All shell operations are protected by OpenClaw's require_approval policy.
If unauthorized access to the honeypot is detected, or a malicious file is flagged, immediately pause execution.
Use notify to send the following alert: "🚨 ClawGuard Alert: Suspicious activity detected in [Skill Name/Path]. Reply 'APPROVE' to quarantine this threat."
Await user input. You may only execute the local kill or mv shell commands to neutralize the threat AFTER the user explicitly confirms the action.

4. Operational Boundaries

Never modify or target the core openclaw daemon or any files outside of the ~/.openclaw/ directory.

Usage Guidance

This skill is internally consistent with its stated purpose: it will run periodically, create and monitor files inside ~/.openclaw/, and alert you when it sees suspicious skill files. Before installing, be aware that: - It will create a honeypot file (~/.openclaw/workspace/routing_config_backup.json) containing fake tokens; review or remove that file if you don't want decoy secrets on disk. - It requests shell permission, but the skill metadata requires you to approve any shell actions explicitly — do not approve shell commands unless you understand the exact command and why it is needed. - There is no source repo or homepage provided (author identity is unknown) — lack of upstream code makes independent verification harder. If you rely on this for protection, consider manually reviewing the files it creates and testing that your platform enforces the require_approval policy. Overall: coherent and appropriately scoped, but exercise standard caution because the author/source are not verifiable and the honeypot behavior places decoy tokens on your filesystem.

Capability Analysis

Type: OpenClaw Skill Name: clawguard-antimalware Version: 1.0.4 The skill 'clawguard-antimalware' is designed as an intrusion detection system and honeypot. Its `skill.md` instructions clearly outline defensive actions, such as creating a dummy honeypot (`~/.openclaw/workspace/routing_config_backup.json`) and scanning for malicious patterns like `base64` strings or `curl | bash` pipelines in other skills. While it requests `shell` permission, it explicitly states that all shell operations require user approval and are limited to `kill` or `mv` commands for threat neutralization. There is no evidence of data exfiltration, unauthorized execution, persistence, or prompt injection with malicious intent. The external URL in `Support ClawGuard Development.txt` is for donations, not for malicious purposes.

Capability Assessment

✓ Purpose & Capability

The name/description (local IDS + honeypot) matches the requested capabilities: local_read and local_write to place and inspect honeypot files, notify to alert the user, and shell access listed but gated by an approval policy. No unrelated credentials, binaries, or network endpoints are requested.

ℹ Instruction Scope

Runtime instructions are narrowly scoped to ~/.openclaw/ (create a honeypot file, scan ~/.openclaw/skills/ for suspicious patterns, and notify the user). This is coherent. Minor note: the skill asks to populate a file with 'dummy internal system tokens' — while intended as bait, that will place fabricated secrets under ~/.openclaw/ and could be detected/used by other tools; user should understand and consent to the creation of such decoy data.

✓ Install Mechanism

Instruction-only skill with no install spec and no code files — nothing is downloaded or written at install time by the skill itself. This is the lowest-risk install model.

✓ Credentials

No environment variables, credentials, or external service tokens are requested. The permission set (local_read, local_write, shell, notify) is proportionate to a local honeypot/IDS; shell is present but explicitly constrained by a require_approval policy in the metadata.

ℹ Persistence & Privilege

always:false (normal). The skill includes a cron heartbeat metadata entry and requests local filesystem and shell permissions to operate periodically; this is expected for an IDS. The requirement that shell commands be subject to require_approval mitigates autonomous destructive actions. Confirm your platform enforces the require_approval policy as intended before granting shell approval.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install clawguard-antimalware
After installation, invoke the skill by name or use /clawguard-antimalware
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.4

**ClawGuard 1.0.6 Changelog** - Updated honeypot file: replaced creation of decoy crypto wallet with a config backup containing dummy system tokens and generic webhooks (no wallet or seed phrase keywords). - Added `policies.require_approval` for all shell operations to enforce approval gates. - Tightened incident response: shell commands (quarantine/kill) are strictly gated by policy and explicit user approval. - Clarified alerts and user interaction: standardized notification wording and user approval process. - Maintained existing auditing and operational boundaries.

v1.0.3

- Switched to a human-in-the-loop security model: no automatic process termination or file quarantine; user approval required for any intervention. - Updated honeypot/decoy logic: generates a fake wallet file with plausible but safe credentials in a new workspace location. - Increased scan interval from every 5 minutes to every 10 minutes. - Refined threat detection: flags suspicious skill files (e.g., obfuscated code, unauthorized scripts) and alerts the user via chat. - Reduced permissions scope and clarified operational boundaries: never target openclaw core or files outside the user's `.openclaw` directory.

v1.0.2

ClawGuard 1.0.2 Changelog - Upgraded from static to dynamic honeypot generation with high-value JSON payload at `~/.openclaw/settings_backup_keys.json`. - Hardened active defense: offending skills are both terminated (`kill -9`) and force-moved to quarantine on honeypot access. - Enhanced static analysis: directory auditing now matches more aggressive regex patterns and scrutinizes network call whitelists. - Runtime firewall now enforces immediate packet blocking for unauthorized outbound connections. - Added `shell` permission and metadata indicating a requirement for `kill` and `mv` binaries. - Updated tags for better discoverability and clarified documentation throughout.

v1.0.1

- Removed the honeypot decoy file settings_backup_keys.json from the skill package. - No changes to core logic or functionality.

v1.0.0

ClawGuard 1.0.0 – Initial Release - Introduces a three-tier anti-malware and intrusion prevention system for OpenClaw. - Deploys an active honeypot decoy file to detect credential-harvesting attempts and terminate malicious skills. - Executes automated directory scans every 5 minutes to identify and quarantine compromised or suspicious skills. - Monitors network traffic in real time, blocking unauthorized outbound connections and alerting the user. - Operates with zero telemetry and local-only permissions for enhanced privacy.

Metadata

Slug clawguard-antimalware

Version 1.0.4

License —

All-time Installs 10

Active Installs 10

Total Versions 5

Frequently Asked Questions

What is ClawGuard | Anti-Malware Scanner & Honeypot?

Intrusion Detection System & Dynamic Honeypot. Protects your workspace from malicious skills. It is an AI Agent Skill for Claude Code / OpenClaw, with 671 downloads so far.

How do I install ClawGuard | Anti-Malware Scanner & Honeypot?

Run "/install clawguard-antimalware" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is ClawGuard | Anti-Malware Scanner & Honeypot free?

Yes, ClawGuard | Anti-Malware Scanner & Honeypot is completely free (open-source). You can download, install and use it at no cost.

Which platforms does ClawGuard | Anti-Malware Scanner & Honeypot support?

ClawGuard | Anti-Malware Scanner & Honeypot is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created ClawGuard | Anti-Malware Scanner & Honeypot?

It is built and maintained by TonyJB (@tonyjb); the current version is v1.0.4.

More Skills