
picoclaw-security-guardian

by davida-ps · GitHub ↗ · v0.0.1 · MIT-0
cross-platform ✓ Security Clean
37 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install picoclaw-security-guardian
Description
Picoclaw security posture skill with advisory awareness, configuration drift detection, and supply-chain verification guidance.
README (SKILL.md)

Picoclaw Security Guardian

Detailed architecture/operator docs: wiki/modules/picoclaw-security-guardian.md.

Goal

Provide Picoclaw with the same support-matrix security capabilities ClawSec tracks for mature platform modules:

| Skill name | Supported platform | Security feed | Config drift | Agent posture-review lane | Supply-chain verification |
| --- | --- | --- | --- | --- | --- |
| picoclaw-security-guardian | Picoclaw | Yes | Yes | Separate package | Yes |

Threat model

Picoclaw is a lightweight AI gateway that can expose chat channels, a Web UI, tool execution, MCP servers, credentials, schedulers, and embedded/router deployments. This skill focuses on the trust boundaries where those features become security-sensitive.

Default safety posture

  • Read-only by default.
  • No scheduler creation in v0.0.1.
  • No outbound network by default.
  • Writes only explicit report/profile outputs under $PICOCLAW_HOME/security/clawsec/ unless the operator supplies test-local temporary paths.
  • Advisory checks fail closed: when the feed verification state is anything other than verified, the check refuses to report advisories unless the operator passes --allow-unsigned for a documented emergency/offline window.

Security advisory awareness

Use scripts/check_advisories.mjs with a local feed/cache and verification state:

node scripts/check_advisories.mjs \
  --feed ~/.picoclaw/security/clawsec/feed.json \
  --state ~/.picoclaw/security/clawsec/feed-verification-state.json

The script keeps an advisory when its platform is picoclaw or ai-gateway, when its platform list is empty (an all-platform advisory), or when one of its affected-package entries contains picoclaw; everything else is dropped.
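A concrete version of this filter together with the fail-closed rule from the default safety posture, as an added example and not the skill's own scripts/check_advisories.mjs. The feed and state layouts (status, platforms, affected[].name), the function names and the feed entries are constructed assumptions for the demonstration.

```javascript
// Added example, not the skill's code. Feed/state field names are assumptions.

// Constructed verification-state files, as the skill's --state input might look.
const STATE_VERIFIED = { status: 'verified', verifiedAt: '2024-01-01T00:00:00Z' };
const STATE_UNVERIFIED = { status: 'unverified', reason: 'signature check not run' };

// Constructed feed. A, B, C and D should match Picoclaw; E should be dropped.
const FEED = {
  advisories: [
    { id: 'ADV-A', severity: 'high', platforms: ['picoclaw'], affected: [],
      title: 'Web UI auth bypass when bound publicly (constructed)' },
    { id: 'ADV-B', severity: 'medium', platforms: ['ai-gateway'], affected: [],
      title: 'generic gateway issue (constructed)' },
    { id: 'ADV-C', severity: 'low', platforms: [], affected: [],
      title: 'all-platform advisory (constructed)' },
    { id: 'ADV-D', severity: 'high', platforms: ['openwrt'],
      affected: [{ name: 'picoclaw-luci-wrapper', versions: '<1.2.0' }],
      title: 'third-party router wrapper (constructed)' },
    { id: 'ADV-E', severity: 'critical', platforms: ['otherclaw'],
      affected: [{ name: 'otherclaw-core', versions: '*' }],
      title: 'unrelated product (constructed)' },
  ],
};

const PLATFORMS_OF_INTEREST = new Set(['picoclaw', 'ai-gateway']);
const SEVERITY_RANK = { critical: 3, high: 2, medium: 1, low: 0 };

// The three keep-rules from the text: matching platform, empty platform list,
// or an affected package whose name contains "picoclaw" (case-insensitive).
function advisoryAppliesToPicoclaw(adv) {
  const platforms = (adv.platforms || []).map((p) => String(p).toLowerCase());
  if (platforms.length === 0) return true; // empty platform list = applies everywhere
  if (platforms.some((p) => PLATFORMS_OF_INTEREST.has(p))) return true;
  return (adv.affected || []).some((pkg) =>
    String(pkg.name || '').toLowerCase().includes('picoclaw'));
}

function checkAdvisories(feed, state, { allowUnsigned = false } = {}) {
  const verified = Boolean(state) && state.status === 'verified';
  // Fail closed: without a verified feed there is no trustworthy advisory list,
  // so refuse unless the operator explicitly opted into the offline window.
  if (!verified && !allowUnsigned) {
    return {
      ok: false,
      reason: `feed verification state is '${state ? state.status : 'missing'}'; ` +
        'refusing to evaluate advisories (use --allow-unsigned only for a documented offline window)',
      advisories: [],
    };
  }
  const matched = feed.advisories
    .filter(advisoryAppliesToPicoclaw)
    .sort((a, b) => (SEVERITY_RANK[b.severity] ?? -1) - (SEVERITY_RANK[a.severity] ?? -1)
      || a.id.localeCompare(b.id));
  return {
    ok: true,
    unsignedMode: !verified, // surfaced so a recurring job can alarm on it
    advisories: matched.map((a) => ({ id: a.id, severity: a.severity, title: a.title })),
  };
}

console.log(JSON.stringify(checkAdvisories(FEED, STATE_VERIFIED), null, 2));
console.log(JSON.stringify(checkAdvisories(FEED, STATE_UNVERIFIED), null, 2));
```

The unsignedMode flag in the result is the hook for the "never leave unsigned advisory mode enabled in recurring checks" rule: a scheduled job can fail on it even when the operator passed --allow-unsigned once.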

Drift protection

Generate a deterministic profile:

node scripts/generate_profile.mjs \
  --output ~/.picoclaw/security/clawsec/current-profile.json

Compare against an approved baseline:

node scripts/check_drift.mjs \
  --baseline ~/.picoclaw/security/clawsec/baseline-profile.json \
  --current ~/.picoclaw/security/clawsec/current-profile.json \
  --fail-on critical

Critical drift includes enabling the public Web UI, disabling Web UI auth, disabling workspace restriction, switching to an unsigned or insecure verification mode, regression from a verified feed to an unverified one, and any fingerprint change in a watched file or release artifact.
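The profile/drift pair described above, as an added example rather than the skill's generate_profile.mjs and check_drift.mjs: a key-sorting serializer is what makes the profile deterministic, and the drift checker classifies the critical conditions just listed and applies the --fail-on threshold. The profile field names (webui, workspace, verification, feed, fingerprints), the function names and both sample profiles are constructed assumptions about the layout, not the skill's real schema.

```javascript
// Added example, not the skill's code. Profile field names are assumptions.

// Deterministic serialization: recursively sort object keys so that the same
// configuration always yields byte-identical profile output (and therefore a
// stable hash), regardless of the order keys were read from config.json.
function stableStringify(value) {
  if (Array.isArray(value)) return '[' + value.map(stableStringify).join(',') + ']';
  if (value !== null && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + stableStringify(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

const SEVERITY = { info: 0, warning: 1, critical: 2 };

// Each rule compares baseline (b) and current (c); a true result is a finding.
// The critical rules mirror the list in the section above.
const RULES = [
  { id: 'webui-public-enabled', severity: 'critical',
    hit: (b, c) => !b.webui.public && c.webui.public },
  { id: 'webui-auth-disabled', severity: 'critical',
    hit: (b, c) => b.webui.authEnabled && !c.webui.authEnabled },
  { id: 'workspace-restriction-disabled', severity: 'critical',
    hit: (b, c) => b.workspace.restricted && !c.workspace.restricted },
  { id: 'verification-mode-weakened', severity: 'critical',
    hit: (b, c) => b.verification.mode === 'signed' && c.verification.mode !== 'signed' },
  { id: 'verified-feed-regression', severity: 'critical',
    hit: (b, c) => b.feed.verified && !c.feed.verified },
  { id: 'webui-bind-changed', severity: 'warning',
    hit: (b, c) => b.webui.bind !== c.webui.bind },
];

// Any added, removed or changed watched-file / artifact fingerprint is critical.
function fingerprintFindings(b, c) {
  const paths = new Set([...Object.keys(b.fingerprints), ...Object.keys(c.fingerprints)]);
  return [...paths].sort()
    .filter((p) => b.fingerprints[p] !== c.fingerprints[p])
    .map((p) => ({ id: 'fingerprint-changed', severity: 'critical', path: p,
      from: b.fingerprints[p] ?? null, to: c.fingerprints[p] ?? null }));
}

// failOn mirrors --fail-on: the run fails when any finding reaches that level.
function checkDrift(baseline, current, failOn = 'critical') {
  if (!(failOn in SEVERITY)) throw new Error(`unknown --fail-on level: ${failOn}`);
  const findings = RULES.filter((r) => r.hit(baseline, current))
    .map((r) => ({ id: r.id, severity: r.severity }))
    .concat(fingerprintFindings(baseline, current));
  const worst = findings.reduce((m, f) => Math.max(m, SEVERITY[f.severity]), -1);
  return { findings, fail: worst >= SEVERITY[failOn] };
}

// Constructed approved baseline: loopback-only UI with auth, signed verification.
const BASELINE = {
  webui: { bind: '127.0.0.1', public: false, authEnabled: true },
  workspace: { restricted: true },
  verification: { mode: 'signed' },
  feed: { verified: true },
  fingerprints: { 'config.json': 'sha256:1111', picoclaw: 'sha256:2222' },
};

// Constructed drifted profile: UI exposed publicly without auth, config.json edited.
// Keys are deliberately in a different order to show the serializer ignores it.
const DRIFTED = {
  fingerprints: { picoclaw: 'sha256:2222', 'config.json': 'sha256:3333' },
  feed: { verified: true },
  verification: { mode: 'signed' },
  workspace: { restricted: true },
  webui: { authEnabled: false, public: true, bind: '0.0.0.0' },
};

console.log(stableStringify(BASELINE));
console.log(JSON.stringify(checkDrift(BASELINE, DRIFTED), null, 2));
```

Note that a bind change alone is only a warning here: moving from loopback to another private address is worth a look but is not the "public UI binding" condition, which is the public flag or 0.0.0.0 together with auth state, and those rules fire as critical.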

Supply-chain verification

Verify a Picoclaw release artifact against a checksum manifest plus detached signature. Signed manifest verification is required for a passing supply-chain verdict:

node scripts/verify_supply_chain.mjs \
  --artifact ./picoclaw \
  --checksums ./checksums.json \
  --signature ./checksums.json.sig \
  --public-key ./feed-signing-public.pem

Checksum-only mode is integrity-only, not provenance. Use --allow-unsigned-checksums only for short, documented offline triage windows; it should not satisfy production install verification.

Operator review notes

  • Treat public UI binding (0.0.0.0, -public) as a critical review item until auth and network allowlists are proven.
  • Treat MCP servers as separate trust boundaries; review each server's filesystem, network, and credential access.
  • Treat third-party OpenWrt/LuCI wrappers as separate supply-chain artifacts. Verify provenance before installing them on routers.
  • Never leave unsigned advisory mode enabled in recurring or production checks.

Validation

python utils/validate_skill.py skills/picoclaw-security-guardian
node skills/picoclaw-security-guardian/test/profile.test.mjs
node skills/picoclaw-security-guardian/test/drift.test.mjs
node skills/picoclaw-security-guardian/test/supply_chain.test.mjs
bash -n skills/picoclaw-security-guardian/test/picoclaw_security_guardian_sandbox_regression.sh

Pre-release install regression

Before publishing v0.0.1 release artifacts, run the isolated install lane from the repo root:

skills/picoclaw-security-guardian/test/picoclaw_security_guardian_sandbox_regression.sh

The regression installs the skill through Picoclaw's own find_skills / install_skill path from a local ClawHub-compatible registry into an isolated Docker-hosted Picoclaw workspace with isolated HOME, PICOCLAW_HOME, and PICOCLAW_WORKSPACE. It verifies signed release-artifact preflight inputs, confirms Picoclaw's skill loader can list/load the installed skill, then runs the installed copy's profile, drift, advisory fail-closed, advisory filtering, and supply-chain verification paths against Picoclaw-style config.json and launcher-config.json files.

Usage Guidance
This package appears internally consistent and implements the features it claims. Before installing or running tests:
  1. Run the scripts in an isolated/test environment (the regression harness runs Docker and builds/runs Picoclaw code).
  2. Only provide verified advisory feeds, checksum manifests, and public keys from trusted sources; the skill enforces signed manifests by default and using '--allow-unsigned*' flags weakens guarantees.
  3. Check your PICOCLAW_HOME and any --watch / --artifact paths you pass to avoid scanning or exposing unrelated files.
  4. Review the regression/test harness before running it on a machine with sensitive data (it spawns containers, generates keys, and exercises install paths).
Overall the code reads as a focused Picoclaw security helper: there are no unexplained network endpoints or unrelated credential requests.
Capability Analysis
Type: OpenClaw Skill · Name: picoclaw-security-guardian · Version: 0.0.1
The skill is a security auditing tool for the Picoclaw platform, providing configuration drift detection, advisory filtering, and supply-chain verification. It demonstrates security-conscious design, such as path-confinement checks in lib/profile.mjs to prevent directory traversal and Ed25519 signature verification in lib/supply_chain.mjs. The complex regression harness (test/picoclaw_security_guardian_sandbox_regression.sh) is a legitimate integration test that uses Docker and a local mock registry to verify installation workflows, and no evidence of data exfiltration, malicious execution, or prompt injection was found.
Capability Tags
crypto · requires-wallet · requires-sensitive-credentials
Capability Assessment
Purpose & Capability
Name/description map to the actual files and runtime behavior: scripts and libs implement advisory filtering, deterministic profile generation, drift diffing, and checksum+signature verification. Declared binaries (node) and optional env vars are Picoclaw-specific and proportionate.
Instruction Scope
SKILL.md and the scripts only read Picoclaw config files / watched files, produce confined outputs under PICOCLAW_HOME, and require a local advisory feed or checksum manifests. The test/regression instructions do start Docker, run a local HTTP registry, and exercise Picoclaw-specific install flows — these are test harness actions, documented and isolated to pre-release regression.
Install Mechanism
No install spec is declared (instruction-only skill). All code is included in the repo and nothing is downloaded from third-party URLs. Tests pull docker images and use system tools, but there is no external archive download at install-time in the skill manifest itself.
Credentials
No required credentials or unrelated env vars are requested. Optional env vars are Picoclaw-specific (PICOCLAW_HOME, PICOCLAW_CONFIG, etc.). The code inspects config files within Picoclaw paths only, which is consistent with the stated purpose.
Persistence & Privilege
Skill does not request always:true and is described as read-only/on-demand in v0.0.1. It does not modify other skills or system-wide agent settings; outputs are confined to PICOCLAW_HOME and the code enforces path confinement and symlink checks.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install picoclaw-security-guardian
  3. After installation, invoke the skill by name or use /picoclaw-security-guardian
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.0.1
Release 0.0.1 via CI
Metadata
Slug picoclaw-security-guardian
Version 0.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is picoclaw-security-guardian?

Picoclaw security posture skill with advisory awareness, configuration drift detection, and supply-chain verification guidance. It is an AI Agent Skill for Claude Code / OpenClaw, with 37 downloads so far.

How do I install picoclaw-security-guardian?

Run "/install picoclaw-security-guardian" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is picoclaw-security-guardian free?

Yes, picoclaw-security-guardian is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does picoclaw-security-guardian support?

picoclaw-security-guardian is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created picoclaw-security-guardian?

It is built and maintained by davida-ps (@davida-ps); the current version is v0.0.1.
