← Back to Skills Marketplace
permission guard
by
billyhetech
· GitHub ↗
· v1.0.0
· MIT-0
81
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install permission-guard-v1
Description
Security watchdog for OpenClaw agents that monitors installed skill behavior, detects unauthorized file access, suspicious outbound network calls, dangerous...
Usage Guidance
This skill appears to do what it says: local monitoring and reporting of file access, network connections, and suspicious commands. Before installing: (1) Review and accept that it will create ~/.openclaw/permission-guard.log and baseline files and will scan your home directory. (2) Do not run your agent as root solely to enable the watchdog—some checks (like /etc/shadow) require elevation and granting that broadly increases risk. (3) Consider running the script manually first to inspect its output and confirm it behaves as you expect. (4) If you allow autonomous invocation, require the agent to prompt you before running checks that access sensitive areas. If you need stricter guarantees, prefer running the watchdog on-demand or in a limited account rather than granting it elevated system privileges.
Capability Analysis
Type: OpenClaw Skill
Name: permission-guard-v1
Version: 1.0.0
The skill functions as a security watchdog but requires high-risk capabilities, including broad filesystem inspection of sensitive directories (~/.ssh, ~/.aws, ~/.gnupg) and network connection monitoring via 'ss'. While these actions are aligned with its stated purpose of auditing agent behavior, the requirement for extensive shell access and the potential for path injection during the baseline creation step in SKILL.md (using unsanitized skill names in file paths) meet the criteria for a suspicious classification.
Capability Assessment
Purpose & Capability
Name/description match the runtime instructions: the SKILL.md explicitly performs filesystem and network inspection, keeps a local log, and produces permission reports. The requested actions (find, ss, grep, stat, touch, mkdir) are proportionate to a watchdog that monitors agent behavior.
Instruction Scope
Instructions instruct the agent to scan the user's home and review system network state and command logs, and to maintain files under ~/.openclaw. This is within the declared monitoring scope, but the checks reference sensitive paths (e.g., ~/.ssh, ~/.aws, /etc/shadow) and will only be fully effective if the agent has sufficient privileges to see them. The SKILL.md also assumes standard shell tools (find, ss, grep, stat, touch, mkdir) exist but the registry metadata lists no required binaries — a minor mismatch to be aware of.
Install Mechanism
Instruction-only skill with no install spec and no code files. Nothing is downloaded or written beyond the logs and baselines described in the SKILL.md.
Credentials
The skill requests no environment variables, no credentials, and no external config paths. It does not ask for or embed secrets and explicitly states logs remain local.
Persistence & Privilege
The skill writes to ~/.openclaw/permission-guard.log and creates baseline files under ~/.openclaw/baselines; this is reasonable for a watchdog but does create persistent artifacts in the user's home. The skill is not always:true and does not require elevation in its metadata, but to inspect some system files (e.g., /etc/shadow) it would need elevated privileges — avoid running the agent as root unless you understand the implications.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install permission-guard-v1 - After installation, invoke the skill by name or use
/permission-guard-v1 - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of Permission Guard with security monitoring and audit functionality for OpenClaw agents:
- Monitors skill behavior: tracks file access, outbound network calls, and dangerous command usage.
- Generates activity and permission audit reports, highlighting suspicious or unauthorized actions.
- Maintains a local activity log with rotation and clear event formatting.
- Performs sensitive file access checks, network connection review, dangerous command pattern detection, and behavioral drift analysis.
- Detects and flags critical violations (e.g., credentials read + outbound call) and recommends remediation actions.
- Triggers first-run behavioral baselines when new skills are installed to help identify future anomalies.
- Output includes a clear, user-focused assessment with actionable recommendations.
Metadata
Frequently Asked Questions
What is permission guard?
Security watchdog for OpenClaw agents that monitors installed skill behavior, detects unauthorized file access, suspicious outbound network calls, dangerous... It is an AI Agent Skill for Claude Code / OpenClaw, with 81 downloads so far.
How do I install permission guard?
Run "/install permission-guard-v1" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is permission guard free?
Yes, permission guard is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does permission guard support?
permission guard is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created permission guard?
It is built and maintained by billyhetech (@billyhetech); the current version is v1.0.0.
More Skills