← Back to Skills Marketplace
kofna3369

Merlin Clawguard

by Kofna3369 · GitHub ↗ · v1.3.0 · MIT-0
cross-platform ⚠ suspicious
151
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install merlin-clawguard
Description
Système immunitaire numérique pour agents autonomes. Détecte les skills malveillantes via Clawdex (par Koi), scanne avec 4 vaccines Python (C2, rootkits, cha...
Usage Guidance
This package implements a local threat scanner and many detection rules are present in the included Python vaccines — that matches the stated purpose. However the repository shows several coherence issues (mismatched import paths, duplicate entrypoint files, and SKILL.md metadata that does not align with the manifest), and the author/source are unknown with no homepage. Before installation: 1) Review the full vaccine_* modules (especially the truncated files) for any network calls, obfuscated code, or write/delete operations; 2) Test the scanner in a sandboxed environment (no production secrets) to observe its behavior and runtime import errors; 3) Confirm provenance or prefer a scanner from a known maintainer; 4) If you plan to let the agent invoke this autonomously, consider restricting its permissions and ensuring it cannot block or uninstall other skills without explicit human review. The inconsistencies increase risk of accidental misbehavior or runtime surprises — proceed with caution.
Capability Analysis
Type: OpenClaw Skill Name: merlin-clawguard Version: 1.3.0 Merlin-ClawGuard is a comprehensive defensive security suite designed to protect OpenClaw agents from malicious skills. The bundle includes a unified scanner (merlin-guard.py) and multiple specialized detection modules (vaccines VAX-001 through VAX-030) that use extensive regex signatures and behavioral analysis to identify data exfiltration, C2 infrastructure, rootkits, and supply chain attacks like typosquatting. The code is transparent, well-documented, and its capabilities are strictly aligned with its stated purpose of threat detection and community protection.
Capability Assessment
Purpose & Capability
The skill claims to be a threat scanner for ClawHub/Moltbook and the included Python modules implement many detection heuristics, which is coherent. However there are multiple mismatches between declared requirements/paths and the actual file layout: SKILL.md metadata lists a Python module requirement (aiohttp) even though the registry declares only curl/python3; the CLI wrappers use sys.path entries like 'VAX-030-package-ecosystem' and 'VAX-027-data-exfiltration-c2' while the file manifest contains vaccines/VAX-027 and vaccines/VAX-030. Duplicate similar entrypoint files (merlin-guard.py vs merlin_guard.py) with differing behavior also indicate sloppy packaging. These inconsistencies are not justified by the stated purpose and may cause runtime import errors or unexpected import behavior.
Instruction Scope
The SKILL.md usage is scoped to scanning skill files and calling a recommended Clawdex HTTP endpoint; it does not instruct the agent to read arbitrary system files or exfiltrate secrets. The embedded vaccine modules scan text for many risky patterns (C2 domains, webhooks, base64 blobs, kernel/rootkit indicators). That behavior is expected for a scanner, but some detectors rely on high-weight heuristics and string matching which can produce false positives and lead to aggressive 'BLOQUER' decisions. SKILL.md recommends curl to an external 'clawdex.koi.security' endpoint — network calls to that endpoint are suggested but not automatically performed by the included code. No instructions request unrelated environment variables or secret access.
Install Mechanism
There is no install spec (instruction-only install) so nothing is downloaded or extracted during installation. The risk surface is limited to the bundled Python files which will be executed by the agent when invoked. No external URLs are fetched by an installer step; still, because code files are present they will run locally when the skill is used.
Credentials
The skill does not require credentials or config paths (registry shows none), which is proportionate to its scanning purpose. Minor inconsistency: SKILL.md metadata lists a Python dependency ('aiohttp') that is not declared elsewhere and the registry lists only curl and python3 as required binaries. There is no request for secrets, but the code performs pattern matching on skill code that could include tokens if the scanned skill contains them — users should avoid scanning sensitive production secrets with third-party scanners.
Persistence & Privilege
The skill does not request always:true and does not declare privileged persistence or modification of other skills. Model invocation is allowed (platform default). The scanner could be invoked autonomously to flag or recommend blocking skills, but nothing in the package attempts to modify agent configuration or persist credentials.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install merlin-clawguard
  3. After installation, invoke the skill by name or use /merlin-clawguard
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.3.0
VACCIN 30: Package Ecosystem Attacks (typosquatting, dependency confusion, malicious hooks). Scanner now has 5 vaccines Python.
v1.2.0
VACCIN 27-29 Python: Scanner CLI unifie (4 vaccines), Cross-Vector Detection, Rootkit/Bootkit. 2371 menaces couvertes.
v1.1.0
Updated to use real Clawdex API. Improved threat detection.
v1.0.0
Création initiale: Immunité numérique pour agents autonomes
Metadata
Slug merlin-clawguard
Version 1.3.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 4
Frequently Asked Questions

What is Merlin Clawguard?

Système immunitaire numérique pour agents autonomes. Détecte les skills malveillantes via Clawdex (par Koi), scanne avec 4 vaccines Python (C2, rootkits, cha... It is an AI Agent Skill for Claude Code / OpenClaw, with 151 downloads so far.

How do I install Merlin Clawguard?

Run "/install merlin-clawguard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Merlin Clawguard free?

Yes, Merlin Clawguard is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Merlin Clawguard support?

Merlin Clawguard is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Merlin Clawguard?

It is built and maintained by Kofna3369 (@kofna3369); the current version is v1.3.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463368 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259467 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200457 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191163 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190189 · by oswalpalash

💬 Comments