← Back to Skills Marketplace
1853
Downloads
1
Stars
5
Active Installs
6
Versions
Install in OpenClaw
/install openclaw-warden
Description
Verify workspace file integrity and scan for prompt injection patterns in agent identity and memory files. Detects unauthorized modifications to SOUL.md, AGENTS.md, IDENTITY.md, memory files, and installed skills. Free detection layer — upgrade to openclaw-warden-pro for automated countermeasures.
Usage Guidance
This skill is coherent with its stated purpose and runs entirely locally under python3, but it will create .integrity state in your workspace and can rename/quarantine other skill directories and restore files. Before installing or enabling autonomous invocation: (1) inspect scripts/integrity.py (especially quarantine/restore/protect/rollback implementations) to confirm their behavior matches your expectations, (2) back up your workspace, (3) consider running it manually first rather than granting automated startup hooks or autonomous agent invocation, and (4) verify there are no network calls or hidden endpoints in the remainder of the code if you will run it with sensitive data.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-warden
Version: 1.0.3
The OpenClaw Warden skill is a security tool designed to detect unauthorized modifications and prompt injection attacks within an AI agent's workspace. The `SKILL.md` and `README.md` clearly state its defensive purpose, and the `scripts/integrity.py` code implements integrity checks (SHA-256 hashing), injection pattern scanning (for instruction overrides, base64 payloads, exfiltration URLs, shell injection, etc.), and countermeasures like file restoration from local snapshots or Git, and skill quarantine. The code uses only Python standard library modules, makes no network calls, and all operations are local file system or Git commands, confirming its stated 'no external dependencies' claim. There is no evidence of malicious intent, data exfiltration, backdoors, or prompt injection against the agent itself; rather, it actively defends against these threats.
Capability Assessment
Purpose & Capability
Name/description, required binary (python3), and the included script all align: the tool collects workspace files, computes checksums, and scans for prompt-injection patterns. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
Runtime instructions are constrained to workspace scanning and integrity operations (baseline, verify, scan, full, status, accept). The script resolves a workspace via CLI arg, OPENCLAW_WORKSPACE, current dir, or a default; this is consistent with the stated behavior. Note: SKILL.md explicitly lists injection patterns (e.g., 'ignore previous instructions'), which triggered the static pre-scan detector — that is expected because the skill documents those strings as things to flag.
Install Mechanism
No install spec; user copies skill into workspace and runs python3 scripts/integrity.py. This is low-risk compared to remote downloads or package installs. The script writes a local .integrity directory in the workspace for manifests/snapshots, which is expected.
Credentials
No environment variables or credentials are required. The only environment access is optional workspace detection via OPENCLAW_WORKSPACE and reading/writing files inside the workspace directory — proportionate to its purpose.
Persistence & Privilege
The tool will create .integrity snapshots and can quarantine/restore/rollback skills and files (QUARANTINE_PREFIX indicates renaming/moving skills). Those filesystem modifications are in-scope for a countermeasure tool, but they are destructive actions so users should review code and run with care. always:false (not force-installed) and no extra privileges requested.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-warden - After installation, invoke the skill by name or use
/openclaw-warden - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
openclaw-warden 1.0.3
- Removed promotional references to openclaw-warden-pro from documentation.
- Cleaned up SKILL.md metadata and description formatting for clarity.
- No functional code changes; this update is documentation-only.
v1.0.2
openclaw-warden 1.0.2 changelog:
- Updated README.md with improved formatting and clarifications.
- No changes to functionality or code; documentation update only.
v1.0.1
Re-publish with proper metadata
v0.1.1
- Initial public release.
- Added Python script (scripts/integrity.py) for verifying workspace file integrity and scanning for prompt injection patterns.
- Provided detailed documentation in README.md for setup, usage, command reference, monitoring scope, and response actions.
- No external Python dependencies required; uses only the standard library.
v0.1.0
- Removed .gitignore, README.md, and scripts/integrity.py files.
- Skill package no longer includes the script for workspace integrity and injection scanning.
- Documentation and user command instructions remain unchanged in SKILL.md, but related functionality is now absent.
v1.0.0
Initial release of openclaw-warden — workspace file integrity and prompt injection monitoring.
- Monitors critical files (SOUL.md, AGENTS.md, IDENTITY.md, USER.md, TOOLS.md, HEARTBEAT.md), memory files, config JSON, and installed skill manifests.
- Detects unauthorized modifications, prompt injection, markdown/image exfiltration, HTML and shell injection, and Unicode attacks.
- Offers commands for baseline creation, integrity verification, injection scanning, one-line status checks, full verification, and selective baseline acceptance.
- Cross-platform, no pip dependencies; utilizes only Python standard library.
- Free detection layer; upgrade option available for automated countermeasures.
Metadata
Frequently Asked Questions
What is Openclaw Warden?
Verify workspace file integrity and scan for prompt injection patterns in agent identity and memory files. Detects unauthorized modifications to SOUL.md, AGENTS.md, IDENTITY.md, memory files, and installed skills. Free detection layer — upgrade to openclaw-warden-pro for automated countermeasures. It is an AI Agent Skill for Claude Code / OpenClaw, with 1853 downloads so far.
How do I install Openclaw Warden?
Run "/install openclaw-warden" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Openclaw Warden free?
Yes, Openclaw Warden is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Openclaw Warden support?
Openclaw Warden is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, win32).
Who created Openclaw Warden?
It is built and maintained by AtlasPA (@atlaspa); the current version is v1.0.3.
More Skills