confidentkai

Safe Guardian

by kvs-GoN · GitHub ↗ · v1.1.1 · MIT-0
cross-platform ⚠ suspicious
101 Downloads · 1 Stars · 1 Active Installs · 3 Versions
Install in OpenClaw
/install safe-guardian
Description
A safe security layer plugin for OpenClaw that intercepts dangerous tool calls (exec, write, edit) through multi-layer blacklist/whitelist filtering and inte...
Usage Guidance
This package implements local blacklist/whitelist checks and logging, but there are several red flags you should consider before installing or enabling it:

- Documentation mismatch: SKILL.md repeatedly describes LLM-based intent validation and shows an apiKey field, but the shipped code performs only local regex checks and does not use any API keys or network calls. Treat LLM-related claims as unimplemented until the author updates the code.
- API mismatch: Examples in the README call checkToolCall with a tool type and options object, while the actual implementation expects a single string. Your integrations may break if you rely on the documented API.
- Silent overwrite risk: Initializing SafeGuardian will unconditionally write ./config/blacklist.json (createDefaultBlacklist), overwriting any existing blacklist file in that path. Run it in a sandbox first; do not run it from a directory containing important configs or as root.
- File writes and logs: The module creates ./config and ./logs/guardian and appends to a log file. Ensure the working directory is safe and that log/config locations are acceptable for your environment.
- Testing recommendations: Run the package in an isolated environment (container or VM) and review its behavior: confirm whether it overwrites configs, verify API semantics, and ensure it won't be invoked with sensitive working directories. If you expect LLM-based intent checks, request that the author implement and document secure LLM integration (network calls, explicit env var requirements, and opt-in behavior) before trusting the skill for production use.

Given these inconsistencies, do not deploy this skill to production or give it autonomous privileges until the author resolves the documentation/implementation mismatches and provides safer initialization behavior (e.g., only create the default config when no config file exists, or prompt/back up the existing config).
Capability Analysis
Type: OpenClaw Skill
Name: safe-guardian
Version: 1.1.1

The 'safe-guardian' skill is a security utility designed to intercept and filter potentially dangerous tool calls (like shell execution or file modifications) using blacklists, whitelists, and audit logging. The implementation in index.js and the configurations in config/blacklist.json and config/whitelist.json are consistent with the stated purpose in SKILL.md, and no evidence of data exfiltration, malicious execution, or prompt injection was found.
Capability Assessment
Purpose & Capability
Name/description match the code's primary behavior: local blacklist/whitelist checks, intent heuristic, and audit logging. However the README/SKILL.md repeatedly claims 'LLM-based intent validation' and shows an 'llm.apiKey' field; the included code performs only local regex checks and does not call any external LLM or use API keys. That claim is inconsistent with the implementation.
Instruction Scope
SKILL.md shows code samples calling guardian.checkToolCall('exec', { command: '...' }) and demonstrates an API-key-driven LLM config. The shipped implementation exposes checkToolCall(toolCall) which expects a single string (test.js uses a single string). The SKILL.md examples and the real API do not match. Additionally, SKILL.md suggests LLM intent validation and apiKey configuration, but the runtime instructions do not correspond to the actual code paths — giving the agent incorrect runtime expectations.
Install Mechanism
No external install script or remote downloads are present; package is self-contained JavaScript with package.json and local config files. There is no network-downloading install step. This is low installation risk.
Credentials
SKILL.md references an LLM model and apiKey (e.g., qwen2.5:3b and 'apiKey'), implying credential usage, but the package declares no required env vars and the code does not read environment variables or make network calls. The documentation promising external LLM integration is not reflected in code, which is a mismatch that could mislead users about what secrets are needed or used.
Persistence & Privilege
The module writes files on initialization and will create ./config and ./logs directories. Critically, initialize() always calls createDefaultBlacklist(), which unconditionally writes ./config/blacklist.json with default rules and replaces any existing file — this can overwrite user-managed config without warning. The package does not request elevated system privileges, but its file-write behavior is potentially destructive and surprising.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install safe-guardian
  3. After installation, invoke the skill by name or use /safe-guardian
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.1
- ✨ Added detailed Chinese documentation and usage examples
- ✨ Improved the safety scoring algorithm
- ✨ Optimized the audit logging feature
- 🐛 Fixed some regex matching issues
v1.1.0
**Safe Guardian 1.1.0** – Multi-layer security enforcement and audit for OpenClaw tool calls
- Adds comprehensive multi-mode filtering (strict, loose, hybrid) with layered blacklist/whitelist support and rule customization
- Introduces LLM-based intent validation for detecting malicious or unsafe tool usages
- Provides extensive audit logging with export and query features for all tool invocation attempts
- Enables flexible configuration via code or config files, including safety levels, patterns, and audit controls
- Supplies safety scoring, reporting, and a developer-focused API for integration and testing
v1.0.0
Initial release of safe-guardian.
- Provides a security layer for OpenClaw to intercept dangerous tool calls (exec, write, edit).
- Implements two-level blacklist filtering, whitelist support, and intent validation for safety.
- Generates comprehensive audit logs for all operations.
- Allows customizable security strategy and configurable risk levels.
- Includes sample usage and configuration file paths for blacklist and whitelist management.
Metadata
Slug: safe-guardian
Version: 1.1.1
License: MIT-0
All-time Installs: 1
Active Installs: 1
Total Versions: 3
Frequently Asked Questions

What is Safe Guardian?

A safe security layer plugin for OpenClaw that intercepts dangerous tool calls (exec, write, edit) through multi-layer blacklist/whitelist filtering and inte... It is an AI Agent Skill for Claude Code / OpenClaw, with 101 downloads so far.

How do I install Safe Guardian?

Run "/install safe-guardian" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Safe Guardian free?

Yes, Safe Guardian is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Safe Guardian support?

Safe Guardian is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Safe Guardian?

It is built and maintained by kvs-GoN (@confidentkai); the current version is v1.1.1.