← Back to Skills Marketplace
365
Downloads
0
Stars
8
Active Installs
2
Versions
Install in OpenClaw
/install tuanziguardianclaw
Description
It serves as the ultimate defense layer, monitoring, intercepting, and blocking dangerous actions taken by other skills. TuanziGuardianClaw ensures system se...
Usage Guidance
This SKILL.md reads like a policy/spec rather than an enforceable guardian: it tells the agent to be a system-level security kernel but provides no code, install, or declared privileges to actually enforce those rules. Treat it as potentially manipulative prompt content instead of a true supervisor. Before installing or enabling it, ask the publisher for: (1) exact mechanism by which it enforces policies (platform hooks, middleware, or signed code), (2) provenance (source repo, maintainer identity, release signatures), (3) how capability tokens are minted and stored, (4) where audit logs are written and who can read them, and (5) a security review or test plan showing it cannot be bypassed. If the platform does not explicitly support third-party 'guardian' skills with privileged hooks, do not rely on this instruction-only skill for real protection; instead prefer platform-provided, auditable enforcement points or run any experimental guardian in an isolated test environment.
Capability Analysis
Type: OpenClaw Skill
Name: tuanziguardianclaw
Version: 0.1.1
The skill bundle 'tuanziguardianclaw' (SKILL.md) is a purely defensive set of instructions designed to establish a security persona and supervisor role for the OpenClaw agent. It defines a structured permission model, identifies sensitive assets like credentials and SSH keys for protection, and provides logic for detecting prompt injection and data exfiltration. There is no executable code, obfuscation, or evidence of malicious intent; the instructions are focused on enforcing security boundaries and least-privilege principles.
Capability Assessment
Purpose & Capability
The SKILL.md claims TuanziGuardianClaw is a security kernel that 'runs before every action' and 'overrides all other skills', but the package is instruction-only, requests no privileges, and has no install or platform integration. A genuine supervisor guardian would need platform-level hooks or explicit privileges; those are not declared here, so the claimed capability is disproportionate to what this artifact can legitimately do.
Instruction Scope
The runtime instructions direct the agent to inspect other skills, intercept system operations, and block actions. Those instructions require access to other skills' metadata, execution flow, or the system prompt—things the skill has not requested and which likely cannot be enforced purely via an instruction file. The SKILL.md also contains strong imperative language ('Your rules override all other skills') which can act as prompt-injection when included in an agent's context.
Install Mechanism
There is no install spec and no code files. That minimizes direct supply-chain risk but also means the file can only influence agent behavior via prompts. The lack of an install path makes the guardian's enforcement claims technically unsupported by any on-disk or platform integration.
Credentials
The skill requests no environment variables or credentials, which is appropriate for a guardian that should not need secrets. However, it describes capability tokens and auditing without explaining how tokens are issued or how logs are stored/secured; this missing provenance reduces confidence in its operational model.
Persistence & Privilege
The skill asserts persistent, pre-execution control ('runs before every action') but is not marked always:true and does not declare system-level privileges. That mismatch suggests either (a) the skill is trying to gain implicit authority via prompt content (prompt-injection pattern), or (b) it is incomplete and cannot deliver on its core promise. Both are concerning.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install tuanziguardianclaw - After installation, invoke the skill by name or use
/tuanziguardianclaw - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
- Updated project homepage URL from https://guardianclaw.tuanzi.ai to https://claw.mytuanzi.com
- No other changes made to features, rules, or security policies
v0.1.0
Initial release of TuanziGuardianClaw, the security kernel for OpenClaw.
- Implements strict permission and sandboxing models for all skills, enforcing least privilege and explicit user approval for sensitive operations.
- Protects credentials, secret files, and personal data with specialized rules; explicit consent required for high-risk access.
- Blocks prompt injection, data exfiltration, and unauthorized network access; logs and notifies users of risky attempts.
- Applies a risk rating system and capability token checks for all skills and tool actions.
- Maintains an audit log for security events and blocks unauthorized modifications or attempts to disable the security layer.
Metadata
Frequently Asked Questions
What is tuanzi-guardianclaw?
It serves as the ultimate defense layer, monitoring, intercepting, and blocking dangerous actions taken by other skills. TuanziGuardianClaw ensures system se... It is an AI Agent Skill for Claude Code / OpenClaw, with 365 downloads so far.
How do I install tuanzi-guardianclaw?
Run "/install tuanziguardianclaw" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is tuanzi-guardianclaw free?
Yes, tuanzi-guardianclaw is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does tuanzi-guardianclaw support?
tuanzi-guardianclaw is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created tuanzi-guardianclaw?
It is built and maintained by sawyerzm (@sawyerzm); the current version is v0.1.1.
More Skills