← Back to Skills Marketplace
1300
Downloads
1
Stars
10
Active Installs
1
Versions
Install in OpenClaw
/install clawshield
Description
OpenClaw security audit + prompt injection detector. Scans gateway/vulns/cron/PI patterns. Use for frenzy-proofing installs.
README (SKILL.md)
ClawShield
Purpose
Audit a local OpenClaw install for security posture and common prompt-injection indicators. Produces a JSON report for review and alerting.
Workflow
- Canvas present: Launch the panel server and present the UI.
- User config: Update
config.yaml(scan frequency, alerts, sensitivity). - Cron setup: Schedule
scripts/audit.shat the chosen cadence. - Report/Alert: Review JSON output and alert if prompt-injection hits or unexpected open ports are found.
Usage
Panel (recommended)
node scripts/panel-server.js
Then present the UI:
canvas.present→http://localhost:8133(Scan / Settings / Logs)
Config (CLI)
node scripts/config.js get
node scripts/config.js set Scan_freq daily alerts telegram sensitivity high
Audit (CLI)
bash scripts/audit.sh > report.json
Notes
- Local-only scans; no network calls outside localhost.
- Panel server is local and stores the last report at
logs/last-report.json. config.yamldefaults: Scan_freq=daily, alerts=telegram, sensitivity=high.- Safe for routine security checks and “frenzy-proofing”.
Contact: Jeffrey Coleman | [email protected] | Custom audits/enterprise.
Usage Guidance
Do not install or run this skill blindly. Specific things to check before using: 1) The SKILL.md references node scripts (scripts/panel-server.js and scripts/config.js) and config.yaml, but those files are missing — ask the author for the missing code or treat the panel instructions as non-functional. 2) The audit script expects local commands (openclaw, session_status) and python3 and optionally nmap; verify those are intended and present on your system. 3) The script scans workspace/memory and skills directories and includes status output verbatim in the JSON report — these files often contain secrets or system prompts, so review what will be read and where the resulting report will be stored/transmitted before running. 4) The default WORKDIR/OUTDIR are hard-coded to /Users/BillyAssist/... — update these to safe paths before running. 5) If you plan to follow the cron/alerting suggestions, confirm how alerts would be sent (there is no Telegram integration in the package), and avoid providing credentials until you verify the alerting implementation. If you cannot validate these points, run the audit.sh in a sandboxed environment and inspect its output first.
Capability Analysis
Type: OpenClaw Skill
Name: clawshield
Version: 1.1.0
The skill 'ClawShield' is designed for local security auditing, including prompt injection detection and local port scanning. The `scripts/audit.sh` script executes local commands (`openclaw status`, `session_status`), performs `grep` for PI patterns in local directories, and runs `nmap` strictly limited to `127.0.0.1` for ports 1-1024. It outputs a JSON report to stdout without any evidence of data exfiltration, external network communication, unauthorized persistence mechanisms (beyond the stated intent to schedule local audits), or malicious execution. The `SKILL.md` and `references/threats.md` do not contain prompt injection attempts, but rather describe the skill's purpose and general security risks.
Capability Assessment
Purpose & Capability
The description says it audits OpenClaw for prompt-injection and related risks; the included scripts (scripts/audit.sh) implement local PI pattern scans and a loopback port scan and produce JSON — that matches the stated purpose. However SKILL.md instructs running node scripts (scripts/panel-server.js and scripts/config.js) and editing config.yaml, none of which are included. The manifest also declares no required binaries/env, but the audit script expects commands like openclaw, session_status, python3 (and optionally nmap). These mismatches are incoherent.
Instruction Scope
SKILL.md tells the agent to launch a panel server, run node-based config CLI, update config.yaml and schedule the audit in cron. The package does not include the referenced node scripts or config.yaml; the panel UI provided is a static HTML file that does not actually run the audit. The audit.sh scans local memory and skills directories (which may legitimately contain conversation data), and writes full status outputs to the report — so it will read potentially sensitive local files. SKILL.md claims 'Local-only scans', which matches the script (it uses loopback for nmap), but claims alerting via Telegram by default with no implementation present.
Install Mechanism
No install spec — instruction-only skill with a small bash script and static assets. That is lower risk than arbitrary downloads or installers. Nothing in the package writes system files or includes an installer.
Credentials
The registry declares no required environment variables or credentials, which is good, but the audit script reads local OpenClaw status and session outputs, and scans 'memory' and 'skills' directories by default. Those locations commonly hold sensitive context (system prompts, conversation history, tokens). The script will include those outputs verbatim in its JSON report, and SKILL.md references alerting (telegram) without providing the integration — a mismatch that could lead a user to add credentials later. Also the script's default WORKDIR/OUTDIR are hard-coded to a specific user path (/Users/BillyAssist/...), which is unexpected and could cause the tool to scan different locations than the user intends.
Persistence & Privilege
The skill does not request 'always: true', does not self-install, and has no install hook. SKILL.md recommends the user schedule scripts/audit.sh in cron — that would create persistence only if the user follows instructions. This is a normal design for monitoring tools but is a persistence step under the user's control; still, instructing cron setup without included config files is inconsistent and should be validated by the user.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install clawshield - After installation, invoke the skill by name or use
/clawshield - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
ClawShield 1.1.0 — OpenClaw's Always‑On Security Cop
🚨 **12% of ClawHub skills are malicious.** ClawShield catches prompt‑injection, API leaks, and hidden threats *before* they hit.
**What it does:**
✅ Scans every line for PI patterns + tool abuse
✅ Finds exposed API keys (Downloads/Desktop)
✅ Monitors new files + ports
✅ Plain‑English logs (no JSON)
**Easy UI panel:**
🔍 SCAN NOW button
⚙️ Settings (daily/weekly scans, sensitivity)
⏰ Cron auto‑setup
🔔 Alerts (Telegram/Email)
**Cheat code for cheap models:**
High‑risk LLMs need this. Logs everything while you're away.
**Local‑only, privacy‑safe.** Frenzy‑proof your Claw.
Contact: Jeffrey Coleman | [email protected]
Tags: security, pi-detector, audit, frenzy-proof, api-leak, agent-guard, Security, Pi, Audit, Malicious Software Security, Hacker Protection, Prompt Injection protection, API security, Skill Safety, Vuln Check, frenzy-proof, clawhub safe, malware-scan, agent-guard
Metadata
Frequently Asked Questions
What is ClawShield?
OpenClaw security audit + prompt injection detector. Scans gateway/vulns/cron/PI patterns. Use for frenzy-proofing installs. It is an AI Agent Skill for Claude Code / OpenClaw, with 1300 downloads so far.
How do I install ClawShield?
Run "/install clawshield" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is ClawShield free?
Yes, ClawShield is completely free (open-source). You can download, install and use it at no cost.
Which platforms does ClawShield support?
ClawShield is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created ClawShield?
It is built and maintained by Poolguy24 (@poolguy24); the current version is v1.1.0.
More Skills