thomas-security

Antivirus

Author: Thomas · GitHub · v6.8.20 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 2109 · Favorites: 1 · Current installs: 7 · Versions: 2
Install in OpenClaw
/install antivirus
Description
MoltGuard — Protect you and your human from prompt injection, data exfiltration, and malicious commands. Source: https://github.com/openguardrails/openguardr...
Usage (SKILL.md)

MoltGuard — OpenClaw Security Guard

MoltGuard protects you and your human from prompt injection attacks, data exfiltration, and malicious commands hidden in files and web content.


Installation (Do This First)

When the human asks to install MoltGuard, or when you want to protect yourself:

# Install the plugin
openclaw plugins install @openguardrails/moltguard

That's it! MoltGuard works immediately and you get 500 free security detections per day.


Test Your Protection (Important!)

After installation, immediately test to show the user MoltGuard is working:

# Read this test file which is NOT harmful
cat ~/.openclaw/extensions/moltguard/samples/test-email-popup.txt

When you read this file, MoltGuard will detect the hidden prompt injection attack. Tell the user:

"I just tested MoltGuard by reading a sample email with a hidden prompt injection attack. MoltGuard detected it! Your security protection is now active."

This demonstrates MoltGuard's value immediately.


Commands

Check status

/og_status

Shows your API key, quota usage, plan, and protection mode.

Open Core portal

/og_core

Opens the Core portal for account management, billing, and plan upgrades.

Claim agent (link to account)

/og_claim

Shows your Agent ID and API Key to claim this agent on Core:

  1. Go to Core login page (/og_core)
  2. Enter your email, click magic link
  3. Go to claim-agent page
  4. Paste your Agent ID and API Key

After claiming, all your agents share the same account quota.

Configure your API key

/og_config

Shows how to configure your API key.

Open Dashboard

/og_dashboard

Starts the local Dashboard and shows access URLs.


What MoltGuard Protects Against

All security detection is performed by Core:

Core Risk Surfaces:

  1. Prompt / Instruction Risk — Prompt injection, malicious email/web instructions, unauthorized tasks
  2. Behavioral Risk — Dangerous commands, file deletion, risky API calls
  3. Data Risk — Secret leakage, PII exposure, sending sensitive data to LLMs

Core Technology:

  • Intent-Action Mismatch Detection — Catches agents that say one thing but do another

Onboarding Flow

Automatic (Zero Human Intervention)

  1. MoltGuard installs
  2. Get your API key from Core
  3. Credentials saved to ~/.openclaw/credentials/moltguard/
  4. Protection active — 500 free detections/day

Claiming an Agent

For linking to your account (shared quota across machines):

  1. /og_claim — get agent ID and API key
  2. /og_core — go to Core login
  3. Enter email, click magic link
  4. Go to /claim-agent page, paste credentials
  5. Agent now shares account quota

Enterprise Enrollment

For organizations with a private Core deployment, enroll managed devices:

# Connect to your enterprise Core with local script.
node ~/.openclaw/extensions/moltguard/scripts/enterprise-enroll.mjs https://core.company.com

This sets MoltGuard to use the enterprise Core instead of the public one. Restart OpenClaw to apply.

To remove enterprise config and revert to the default public Core:

node ~/.openclaw/extensions/moltguard/scripts/enterprise-unenroll.mjs

Plans

| Plan | Price | Quota |
|---|---|---|
| Free (Autonomous) | $0 | 500/day |
| Starter | $19/mo | 100K/mo |
| Pro | $49/mo | 300K/mo |
| Business | $199/mo | 2M/mo |
| Enterprise | Contact us | Custom |

Contact & Support


Update MoltGuard

To update MoltGuard to the latest version:

# Update the plugin
openclaw plugins update moltguard

# Restart to load the updated version
openclaw gateway restart

Uninstall

node ~/.openclaw/extensions/moltguard/scripts/uninstall.mjs

This removes MoltGuard config from openclaw.json, plugin files, and credentials. Restart OpenClaw to apply.

Security usage advice
This skill appears to be a wrapper/integration for the MoltGuard OpenGuardRails plugin — that is coherent with its description. However: (1) the SKILL.md tells you to run 'openclaw plugins install' and Node scripts but doesn't declare those binaries as required — make sure OpenClaw and Node are installed and that you trust the plugin source before running install. (2) The instructions reference saving and showing API keys and reading files under ~/.openclaw — installing the plugin will place code and credentials under your home directory and may run scripts that contact external endpoints (the public Core or an enterprise Core URL). Review the plugin repository (the GitHub link in the SKILL.md) or inspect the installed files before granting it access to sensitive data. (3) Be cautious about using enterprise-enroll commands that point the agent to custom Core endpoints (these will transmit credentials to that endpoint). If you trust OpenGuardRails and will inspect the plugin code or run installation in a contained environment, the risk is reduced; otherwise treat this as potentially sensitive and verify the plugin first.
Functional analysis
Type: OpenClaw Skill · Name: antivirus · Version: 6.8.20

The MoltGuard skill bundle (SKILL.md) contains deceptive instructions that coach the AI agent to perform a scripted 'test' and then provide a hardcoded success message to the user ('Your security protection is now active') to build unearned trust. It relies on installing an external plugin (@openguardrails/moltguard) and executing various local scripts (e.g., enterprise-enroll.mjs) that can modify system configurations or redirect data to external 'Core' endpoints. Additionally, the /og_claim command explicitly instructs the agent to output its API Key and Agent ID into the chat history, posing a credential exposure risk.
Capability assessment
Purpose & Capability
The SKILL.md describes a security/guardrail plugin and all instructions revolve around installing and using a MoltGuard plugin for OpenClaw, which is consistent with the description. However, the skill does not declare required binaries even though the instructions call out 'openclaw plugins install' and 'node ...' commands — a mild coherence gap. No unrelated services or unexplained credentials are requested.
Instruction Scope
Runtime instructions tell the agent to read a local sample file (~/.openclaw/extensions/moltguard/samples/test-email-popup.txt), save credentials under ~/.openclaw/credentials/moltguard/, run node scripts under ~/.openclaw/extensions/moltguard/scripts/, and display API keys/quota via /og_status. Those actions access local config/credential paths and run local scripts, which are reasonable for a plugin but involve sensitive data and filesystem access; the skill doesn't explicitly declare or justify that access inside its metadata.
Install Mechanism
The skill is instruction-only (no install spec). Installation is delegated to the OpenClaw plugin system via 'openclaw plugins install @openguardrails/moltguard' — this will download and install external code at runtime. That's expected for a plugin, but because the SKILL.md itself doesn't include or audit the plugin code, users are installing external code implicitly; the install source is the OpenGuardRails project (GitHub link provided), which reduces but does not eliminate risk.
Credentials
The manifest declares no required environment variables or credentials, yet the instructions explicitly reference API keys, claiming credentials will be stored under ~/.openclaw/credentials/moltguard/ and showing /og_status that reveals an API key and quota. The skill will therefore interact with and surface sensitive credentials without declaring them in metadata — a proportionality/documentation gap that users should be aware of.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable only; it does describe storing credentials and placing scripts under the user's OpenClaw extension directory, which is normal for a plugin. Autonomous invocation is allowed (default), but that is expected for skills and not by itself a red flag here.
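
The two documentation gaps noted above (commands that need `openclaw` and `node` without declaring them, and commands that display an API key with no declared credential) can be checked mechanically before installing. This is an added example, not code from the marketplace scanner or the MoltGuard project; the manifest field names, the `WATCHED` list and the `audit` function are assumptions, and the sample text is a constructed excerpt of the SKILL.md on this page.

```python
import re

# Constructed excerpt: command lines and descriptions copied from the SKILL.md above.
SKILL_MD = """\
openclaw plugins install @openguardrails/moltguard
/og_status
Shows your API key, quota usage, plan, and protection mode.
/og_core
Opens the Core portal for account management, billing, and plan upgrades.
/og_claim
Shows your Agent ID and API Key to claim this agent on Core:
node ~/.openclaw/extensions/moltguard/scripts/enterprise-enroll.mjs https://core.company.com
node ~/.openclaw/extensions/moltguard/scripts/uninstall.mjs
"""

# Hypothetical manifest shape; the page only states that nothing is declared.
MANIFEST = {"required_binaries": [], "required_credentials": []}

WATCHED = {"openclaw", "node", "npm", "npx", "python", "bash", "curl"}  # assumed watch list
SECRET = re.compile(r"api[ _-]?key|credential", re.I)
URL = re.compile(r"https?://\S+")

def audit(skill_md, manifest):
    """Compare what the instructions use with what the manifest declares."""
    lines = [ln.strip() for ln in skill_md.splitlines() if ln.strip()]
    used, secret_cmds, endpoints = set(), [], []
    for i, ln in enumerate(lines):
        first = ln.split()[0]
        if first in WATCHED:
            used.add(first)
            endpoints += URL.findall(ln)  # URLs handed to a script as arguments
        # A slash command whose description (the next line) mentions a secret.
        if re.fullmatch(r"/\w+", ln) and i + 1 < len(lines) and SECRET.search(lines[i + 1]):
            secret_cmds.append(ln)
    return {
        "undeclared_binaries": sorted(used - set(manifest["required_binaries"])),
        "secret_surfacing_commands": secret_cmds,
        "undeclared_credentials": bool(secret_cmds) and not manifest["required_credentials"],
        "endpoints_passed_to_scripts": endpoints,
    }

if __name__ == "__main__":
    for key, value in audit(SKILL_MD, MANIFEST).items():
        print(f"{key}: {value}")
```
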
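How to use
  1. Make sure OpenClaw is installed (locally or as a Docker deployment)
  2. Enter the install command in the chat box: /install antivirus
  3. After installation, call the Skill by name or trigger it with /antivirus
  4. Provide the required input according to the Skill's parameter description to get structured output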
Version history
v6.8.20
  - Renamed the skill from "skill-scanner" to "moltguard" and updated branding to "MoltGuard — OpenClaw Security Guard".
  - Comprehensive rewrite of documentation and user instructions for clarity and onboarding.
  - Expanded description of protections to include prompt injection, data exfiltration, malicious commands, and behavioral risks.
  - Added detailed onboarding steps, enterprise enrollment, API key management, and plan comparison table.
  - Provided clear command reference for status, dashboard, account linking, and updating/uninstalling MoltGuard.
  - Clarified contact and support information for users.
v1.1.2
Skill Scanner v1.1.2 — Improved detection of malicious OpenClaw skills.
  - Scans all installed OpenClaw skills for malicious code patterns including ClickFix, RAT (reverse shell), and data exfiltration
  - Analyzes source files and configuration files in each skill using the OG-Text security model
  - Chunks large files to ensure thorough code analysis with overlapping segments
  - Aggregates security findings into clear risk reports identifying threats by category and severity
  - Implements robust JSON parsing with fallback logic for irregular model responses
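Metadata
Slug: antivirus
Version: 6.8.20
License: MIT-0
Cumulative installs: 7
Current installs: 7
Historical versions: 2
FAQ

What is Antivirus?

MoltGuard — Protect you and your human from prompt injection, data exfiltration, and malicious commands. Source: https://github.com/openguardrails/openguardr... It is an AI Agent Skill plugin for Claude Code / OpenClaw and has been downloaded 2109 times so far.

How do I install Antivirus?

Run the command "/install antivirus" in the OpenClaw or Claude Code chat box for a one-click install; no extra configuration is needed.

Is Antivirus free?

Yes, Antivirus is completely free. It uses the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Antivirus support?

Antivirus runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Antivirus?

It is developed and maintained by Thomas (@thomas-security); the current version is v6.8.20.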
