SkillFence

by deeqyaqub1-cmd · GitHub ↗ · v1.0.6
cross-platform ✓ Security Clean
Downloads: 1912 · Stars: 3 · Active Installs: 2 · Versions: 7
Install in OpenClaw
/install skillfence
Description
Runtime security monitor for OpenClaw skills. Watches what your installed skills actually DO — network calls, file access, credential reads, process activity. Not a scanner. A watchdog.
Usage Guidance
SkillFence appears coherent with its purpose as a local runtime monitor. Before installing:
  1. Review the monitor.js file yourself (it’s small and included) to confirm behavior you’re comfortable with.
  2. Confirm you trust the source/GitHub repo the README points to (the registry owner ID, homepage, and GitHub repo user differ — verify origin).
  3. Run it as a normal user (not root) so logs and scans run with limited privileges.
  4. Note it will create files in your HOME (audit log, session state, license); back up sensitive files if you need to.
  5. If you plan to enable any Pro/dashboard integration, confirm what data (if any) is sent externally — the bundled code appears local-only, but documentation references an external dashboard.
Finally, when using features that analyze arbitrary commands/messages, avoid passing untrusted input that might be interpreted as shell commands; the monitor inspects strings, but always be cautious.
Capability Analysis
Type: OpenClaw Skill
Name: skillfence
Version: 1.0.6
The OpenClaw SkillFence skill is a runtime security monitor designed to detect malicious behavior in other skills. Its code (`monitor.js`) and documentation (`SKILL.md`, `README.md`) consistently describe a tool that performs system introspection (process monitoring, network connection analysis, file access timestamp checks) and code scanning of other skills. Crucially, the skill explicitly claims and the code verifies that it is 'read-only' (only modifying its own state/log files, not other system files or credentials' contents) and 'never makes outbound network requests'. The use of `execSync` for system commands (like `ps aux`, `lsof`, `ss`) and `fs.readFileSync` for scanning other skill files are necessary for its stated security purpose. Prompt injection instructions in `SKILL.md` guide the AI agent to perform security monitoring and transparently report findings, not to subvert its function or hide actions. There is no evidence of intentional harmful behavior such as data exfiltration, persistence, or unauthorized remote control.
Capability Assessment
Purpose & Capability
The skill is described as a runtime monitor and its code implements file scanning, process checks, and network-connection inspection via local system commands. Required resources are limited to Node.js and the user's HOME filesystem (for logs/state), which is proportionate to the stated purpose.
Instruction Scope
SKILL.md instructs running monitor.js and describes scanning installed skills, checking processes, network connections, and file metadata. The code reads skill files (readFileSync) for pattern matching and uses execSync/spawn to gather process/network state — all within monitoring scope. Minor note: SKILL.md repeatedly asserts 'never makes outbound network requests' and 'read-only' for credentials (only metadata). The included code appears to perform local checks only; however the README/marketing references a CascadeAI web dashboard / Pro features (external service) — although the bundled code does not obviously contact it, the documentation suggests an external dashboard exists. This is a small discrepancy worth noting but not disqualifying.
Install Mechanism
No installer is bundled (skill contains JS file + docs). Installation options in README point to ClawHub or a GitHub repo. No external archive downloads or opaque installers are executed by the code itself. This is low-risk as long as users pull the repo from a trusted source.
Credentials
The skill requests no environment variables or credentials and only uses process.env.HOME (or /tmp) to store logs and state. It scans skill directories under the user's home and looks for references to sensitive paths — appropriate for a monitor. It does not request unrelated cloud keys or tokens. It does read license/state files it creates in the user's HOME; that behavior is reasonable for local pro feature gating.
Persistence & Privilege
always:false and user-invocable:true. The skill writes state and an audit log under the user's HOME ('.skillfence-session.json', '.skillfence-audit.log', '.skillfence-license.json'), which is expected for a monitoring tool. It does not modify other skills or system-wide configs in the provided code. No forced global persistence is requested.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skillfence
  3. After installation, invoke the skill by name or use /skillfence
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.6
v1.0.6 — Included monitor.js executable in package. Fixed documentation-only issue. Pro/webhook features clarified as separate web dashboard (skill never makes network requests). Credential checks explicitly only read file metadata (timestamps via stat), never file contents.
v1.0.5
v1.0.5 — Included monitor.js in package (was documentation-only before). Pro/webhook features clarified as separate web dashboard. Credential checks only read file metadata (timestamps), never contents. Skill never makes outbound network requests.
v1.0.4
v1.0.4 — Clarified that Pro/webhook features are a separate web dashboard, not part of this skill. Skill never makes outbound network requests. Credential checks explicitly only read file metadata (timestamps via stat), never file contents. Addresses OpenClaw security scanner findings.
v1.0.3
Fix metadata — remove requires block for OpenClaw compatibility
v1.0.2
v1.0.2 — Added Pro license activation (--activate), license status check (--license), and interactive threat dashboard (--dashboard). Dashboard includes click-to-expand findings with recommended actions, skills status, threat breakdown, and activity timeline. Pro features gated behind license key.
v1.0.1
SkillFence 1.0.0 initial release:
- Introduced runtime security monitoring for OpenClaw skills, tracking network calls, file access, credential reads, and process activity.
- Added monitor.js as the core engine for live and on-demand security checks.
- Removed rules.js and replaced ZeroRules functionality with comprehensive threat monitoring.
- Provided multiple commands for scanning, live monitoring, network/process/credential checks, session status, and audit logs.
- Included clear severity badges and detailed report formatting for findings.
- Offered user-invocable slash commands for quick security operations and session visibility.
v1.0.0
Initial release. Runtime security monitor for OpenClaw skills. Scans installed skills for known C2 addresses, dangerous commands, credential access, and data exfiltration patterns. Monitors active network connections, processes, and sensitive file access. Full audit trail logging.
Metadata
Slug skillfence
Version 1.0.6
License
All-time Installs 2
Active Installs 2
Total Versions 7
Frequently Asked Questions

What is SkillFence?

Runtime security monitor for OpenClaw skills. Watches what your installed skills actually DO — network calls, file access, credential reads, process activity. Not a scanner. A watchdog. It is an AI Agent Skill for Claude Code / OpenClaw, with 1912 downloads so far.

How do I install SkillFence?

Run "/install skillfence" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is SkillFence free?

Yes, SkillFence is completely free (open-source). You can download, install and use it at no cost.

Which platforms does SkillFence support?

SkillFence is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created SkillFence?

It is built and maintained by deeqyaqub1-cmd (@deeqyaqub1-cmd); the current version is v1.0.6.
