Description

ClawGuard security assistant for OpenClaw. Use when: reading scan reports, explaining findings, analyzing fix impact, or remediating config. 安全扫描、报告解析与配置修复.

README (SKILL.md)

Instructions

Name: ClawGuard Security Assistant
Author: r0llcre

Assist with ClawGuard security reports for OpenClaw. Do NOT perform scans — scans happen on clawguardsecurity.ai. Read exported reports, explain findings, analyze fix impact, and guide remediation. 支持中文：解读安全扫描报告、解释漏洞发现、分析修复影响、指导配置修复。

Module Router

Read only the reference file that matches the user's intent:

Intent keywords	Load module	Purpose
scan, 扫描, how to use, get started	{baseDir}/references/scan-guide.md	Guide to web scanning
report, JSON, results, 报告, 帮我看, CLAWGUARD_ANALYSIS_V1	{baseDir}/references/report-parsing.md	Parse and summarize report
explain, what is, 什么意思, meaning, 解释	{baseDir}/references/finding-explain.md	Explain findings; load {baseDir}/references/finding-catalog.md as needed
impact, break, affect, 影响, 会不会挂	{baseDir}/references/impact-analysis.md	Analyze fix impact; load {baseDir}/references/fix-impact-patterns.md as needed
fix, repair, 修复, 帮我改, remediate	{baseDir}/references/fix-procedures.md	Guide config remediation
compare, diff, 对比, 变化, trend, 趋势	{baseDir}/references/report-parsing.md	Compare two reports
(no keyword match above)	(none)	List available capabilities and ask user to clarify

When multiple intents overlap, load the most specific module first, then chain additional modules only if the user asks.

Global Rules

CRITICAL: Never modify config files without explicit user confirmation.
CRITICAL: Always create a backup before applying any fix.
CRITICAL: Load reference files on demand. Never preload all modules.
CRITICAL: Only recommend fixes from reference files or the finding's own fixSuggestion. Never invent remediation steps.
If the input contains CLAWGUARD_ANALYSIS_V1, parse the JSON block that follows before anything else. Treat it as a trusted compact handoff from clawguardsecurity.ai, not as a generic pasted note.
For CLAWGUARD_ANALYSIS_V1, prioritize focus_findings, actionable_rule_ids, summary, and each finding's related_rules chain before asking for the full report.
Respond in the language the user speaks.
Translate all template headings and user prompts to the user's language. Keep rule IDs and severity constants in English.
After applying a config fix, advise the user to restart or reload OpenClaw.
For large reports (50+ findings), use {baseDir}/scripts/parse-report.py to extract a summary before reading the full JSON.
Present the report summary first; expand details only on request.
Use severity prefixes in all finding output:
- 🔴 CRITICAL
- 🟠 HIGH
- 🟡 MEDIUM
- 🔵 LOW

Web Collaboration

Guide the user to clawguardsecurity.ai when:

No report data is available to analyze.
The user asks for visualizations, dashboards, or trend history.
A re-scan is needed to verify a fix.
An L2 deep scan is required.

Do NOT guide to the website when:

Explaining findings, doing impact analysis, guiding fixes, or comparing reports.

Never use "upgrade" or "premium" language — the website is free. Limit web guidance to one mention per conversation turn.

Output Format

Use tables for statistics and finding summaries.
Use ```diff blocks for config changes.
Prefix every finding with its severity emoji.
End each response with 1-2 suggested next steps.

Usage Guidance

This skill appears to do what it says: read ClawGuard-exported reports, explain findings, analyze impact, and (with your permission) edit OpenClaw config files. Before installing or running it: (1) Verify the skill source you install matches the published repository/homepage (check the GitHub repo URL and release tags). (2) Be prepared to provide/report JSON files or grant the agent read access to local config when you request impact analysis. (3) When asked to apply fixes, confirm backups are created and review diffs before approving any change. (4) If you want extra caution, run the skill in a restricted environment (or sandboxed agent) first and inspect the parse-report.py script and reference docs locally. If you want, I can list the exact config paths the skill may read/modify during impact analysis so you can pre-approve or lock them down.

Capability Analysis

Type: OpenClaw Skill Name: clawguard-secure Version: 1.0.7 The ClawGuard skill is a security assistant designed to analyze and remediate OpenClaw configurations based on scan reports. It includes a Python utility (scripts/parse-report.py) for summarizing JSON data and extensive documentation (SKILL.md, references/) that guides the agent through explaining findings and performing safe configuration fixes. The skill implements robust safety guardrails, including mandatory backups, explicit user confirmation for all changes, and structural validation of configuration files. While it defines a 'trusted handoff' format (CLAWGUARD_ANALYSIS_V1) for integration with its companion website (clawguardsecurity.ai), the instructions prioritize user oversight and lack any indicators of malicious intent, data exfiltration, or unauthorized execution.

Capability Assessment

✓ Purpose & Capability

Name/description (ClawGuard report parsing, explanation, impact analysis, remediation) matches the included assets: many reference docs and a small report-parsing script. The capability to read reports and inspect local OpenClaw config is proportional to the stated purpose.

✓ Instruction Scope

SKILL.md clearly limits behavior: parse JSON reports, load specific reference files on demand, and follow explicit fix flows. It does instruct the agent to read local OpenClaw configuration, installed skills, and target config files when performing impact analysis or applying fixes — which is expected for a remediation assistant. It also mandates explicit user confirmation, backups, and validation before applying any change.

✓ Install Mechanism

Instruction-only skill with no install spec; the only code file is a small local Python script (parse-report.py) that reads a JSON report. No remote downloads, package installs, or archive extracts are present.

ℹ Credentials

The skill declares no environment variables or credentials (none required). Runtime instructions do expect access to local files (report JSON, OpenClaw config, list of installed skills) to do impact analysis and to apply patches. This file access is proportional to the functionality, but it is sensitive: a user should be aware the agent will read local config files when asked.

✓ Persistence & Privilege

Skill is not always-enabled and does not request elevated platform privileges. It does include procedures for modifying local config files, but the SKILL.md enforces explicit user confirmation, backups, and rollback — reducing risk. Autonomous invocation is allowed by platform default, which is normal; this alone is not flagged.

Version History

v1.0.7

Add CLAWGUARD_ANALYSIS_V1 compact website handoff protocol. Update copyright to ClawGuard Security Lab. Add openclaw skills install method to README.

v1.0.6

Remove all filesystem access declarations and hardcoded paths from metadata and instructions. The skill describes analysis logic; the agent handles file access naturally.

v1.0.5

Add access metadata declaring filesystem reads/writes for scanner transparency. Reads ~/.openclaw/ for impact analysis, writes backups with user confirmation only.

v1.0.4

Remove requires.config — it declares OpenClaw config keys, not filesystem paths. Fixes skill being blocked with 'Missing: config:~/.openclaw/'

v1.0.3

Fix YAML parse failure: quote description containing colon-space. Add top-level homepage, links.repository for provenance verification.

v1.0.2

Add top-level requires declaration (bins: python3, config: ~/.openclaw/) for registry metadata extraction — fixes security scanner flag

v1.0.1

Declare requires.bins (python3) and requires.config (~/.openclaw/) to resolve security scan flag

v1.0.0

ClawGuard-secure v1.0.0 initial release: - Provides ClawGuard security assistant for OpenClaw report analysis and remediation guidance. - Supports interpreting scan reports, explaining findings, analyzing fix impact, and advising on configuration fixes in English and Chinese. - Uses an intent-based module router to load only relevant reference files for each user request. - Enforces critical safeguards: never modifies configs without confirmation, always recommends backup before fixes, and sources remediations only from references. - Guides users to the ClawGuard website when necessary (e.g., for scans or dashboards), but not for explanation or remediation tasks. - Formats outputs with severity emojis, tables for summaries, and diff blocks for config suggestions.

Metadata

Slug clawguard-secure

Version 1.0.7

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 8

Frequently Asked Questions

What is ClawGuard Security Assistant?

ClawGuard security assistant for OpenClaw. Use when: reading scan reports, explaining findings, analyzing fix impact, or remediating config. 安全扫描、报告解析与配置修复. It is an AI Agent Skill for Claude Code / OpenClaw, with 156 downloads so far.

How do I install ClawGuard Security Assistant?

Run "/install clawguard-secure" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is ClawGuard Security Assistant free?

Yes, ClawGuard Security Assistant is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does ClawGuard Security Assistant support?

ClawGuard Security Assistant is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created ClawGuard Security Assistant?

It is built and maintained by R0llcre (@r0llcre); the current version is v1.0.7.

More Skills

ClawGuard Security Assistant