← 返回 Skills 市场

ClawGuard | Anti-Malware Scanner & Honeypot

Name: ClawGuard | Anti-Malware Scanner & Honeypot
Author: tonyjb

作者 TonyJB · GitHub ↗ · v1.0.4

cross-platform ✓ 安全检测通过

671

总下载

当前安装

版本数

在 OpenClaw 中安装

/install clawguard-antimalware

功能描述

Intrusion Detection System & Dynamic Honeypot. Protects your workspace from malicious skills.

使用说明 (SKILL.md)

ClawGuard Agent Instructions

You are ClawGuard, a local security monitoring agent. Your primary objective is to detect unauthorized credential scraping and malicious skill payloads.

1. Safe Payload Generation (Honeypot)

Check if ~/.openclaw/workspace/routing_config_backup.json exists.
If it does not exist, use local_write to create it. Populate it with dummy internal system tokens and generic local API webhook endpoints. Do not use cryptocurrency keywords, wallets, or seed phrases.

2. Static Auditing (Read-Only)

On your heartbeat schedule, use local_read to scan newly added directories in ~/.openclaw/skills/.
Flag any SKILL.md files that contain obfuscated base64 strings, password-protected .zip extractions, or unrecognized curl | bash pipelines.

3. Incident Response & Approval Gate

MANDATORY POLICY: You are strictly prohibited from autonomously executing shell commands. All shell operations are protected by OpenClaw's require_approval policy.
If unauthorized access to the honeypot is detected, or a malicious file is flagged, immediately pause execution.
Use notify to send the following alert: "🚨 ClawGuard Alert: Suspicious activity detected in [Skill Name/Path]. Reply 'APPROVE' to quarantine this threat."
Await user input. You may only execute the local kill or mv shell commands to neutralize the threat AFTER the user explicitly confirms the action.

4. Operational Boundaries

Never modify or target the core openclaw daemon or any files outside of the ~/.openclaw/ directory.

安全使用建议

This skill is internally consistent with its stated purpose: it will run periodically, create and monitor files inside ~/.openclaw/, and alert you when it sees suspicious skill files. Before installing, be aware that: - It will create a honeypot file (~/.openclaw/workspace/routing_config_backup.json) containing fake tokens; review or remove that file if you don't want decoy secrets on disk. - It requests shell permission, but the skill metadata requires you to approve any shell actions explicitly — do not approve shell commands unless you understand the exact command and why it is needed. - There is no source repo or homepage provided (author identity is unknown) — lack of upstream code makes independent verification harder. If you rely on this for protection, consider manually reviewing the files it creates and testing that your platform enforces the require_approval policy. Overall: coherent and appropriately scoped, but exercise standard caution because the author/source are not verifiable and the honeypot behavior places decoy tokens on your filesystem.

功能分析

Type: OpenClaw Skill Name: clawguard-antimalware Version: 1.0.4 The skill 'clawguard-antimalware' is designed as an intrusion detection system and honeypot. Its `skill.md` instructions clearly outline defensive actions, such as creating a dummy honeypot (`~/.openclaw/workspace/routing_config_backup.json`) and scanning for malicious patterns like `base64` strings or `curl | bash` pipelines in other skills. While it requests `shell` permission, it explicitly states that all shell operations require user approval and are limited to `kill` or `mv` commands for threat neutralization. There is no evidence of data exfiltration, unauthorized execution, persistence, or prompt injection with malicious intent. The external URL in `Support ClawGuard Development.txt` is for donations, not for malicious purposes.

能力评估

✓ Purpose & Capability

The name/description (local IDS + honeypot) matches the requested capabilities: local_read and local_write to place and inspect honeypot files, notify to alert the user, and shell access listed but gated by an approval policy. No unrelated credentials, binaries, or network endpoints are requested.

ℹ Instruction Scope

Runtime instructions are narrowly scoped to ~/.openclaw/ (create a honeypot file, scan ~/.openclaw/skills/ for suspicious patterns, and notify the user). This is coherent. Minor note: the skill asks to populate a file with 'dummy internal system tokens' — while intended as bait, that will place fabricated secrets under ~/.openclaw/ and could be detected/used by other tools; user should understand and consent to the creation of such decoy data.

✓ Install Mechanism

Instruction-only skill with no install spec and no code files — nothing is downloaded or written at install time by the skill itself. This is the lowest-risk install model.

✓ Credentials

No environment variables, credentials, or external service tokens are requested. The permission set (local_read, local_write, shell, notify) is proportionate to a local honeypot/IDS; shell is present but explicitly constrained by a require_approval policy in the metadata.

ℹ Persistence & Privilege

always:false (normal). The skill includes a cron heartbeat metadata entry and requests local filesystem and shell permissions to operate periodically; this is expected for an IDS. The requirement that shell commands be subject to require_approval mitigates autonomous destructive actions. Confirm your platform enforces the require_approval policy as intended before granting shell approval.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install clawguard-antimalware
安装完成后，直接呼叫该 Skill 的名称或使用 /clawguard-antimalware 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.4

**ClawGuard 1.0.6 Changelog** - Updated honeypot file: replaced creation of decoy crypto wallet with a config backup containing dummy system tokens and generic webhooks (no wallet or seed phrase keywords). - Added `policies.require_approval` for all shell operations to enforce approval gates. - Tightened incident response: shell commands (quarantine/kill) are strictly gated by policy and explicit user approval. - Clarified alerts and user interaction: standardized notification wording and user approval process. - Maintained existing auditing and operational boundaries.

v1.0.3

- Switched to a human-in-the-loop security model: no automatic process termination or file quarantine; user approval required for any intervention. - Updated honeypot/decoy logic: generates a fake wallet file with plausible but safe credentials in a new workspace location. - Increased scan interval from every 5 minutes to every 10 minutes. - Refined threat detection: flags suspicious skill files (e.g., obfuscated code, unauthorized scripts) and alerts the user via chat. - Reduced permissions scope and clarified operational boundaries: never target openclaw core or files outside the user's `.openclaw` directory.

v1.0.2

ClawGuard 1.0.2 Changelog - Upgraded from static to dynamic honeypot generation with high-value JSON payload at `~/.openclaw/settings_backup_keys.json`. - Hardened active defense: offending skills are both terminated (`kill -9`) and force-moved to quarantine on honeypot access. - Enhanced static analysis: directory auditing now matches more aggressive regex patterns and scrutinizes network call whitelists. - Runtime firewall now enforces immediate packet blocking for unauthorized outbound connections. - Added `shell` permission and metadata indicating a requirement for `kill` and `mv` binaries. - Updated tags for better discoverability and clarified documentation throughout.

v1.0.1

- Removed the honeypot decoy file settings_backup_keys.json from the skill package. - No changes to core logic or functionality.

v1.0.0

ClawGuard 1.0.0 – Initial Release - Introduces a three-tier anti-malware and intrusion prevention system for OpenClaw. - Deploys an active honeypot decoy file to detect credential-harvesting attempts and terminate malicious skills. - Executes automated directory scans every 5 minutes to identify and quarantine compromised or suspicious skills. - Monitors network traffic in real time, blocking unauthorized outbound connections and alerting the user. - Operates with zero telemetry and local-only permissions for enhanced privacy.

元数据

Slug clawguard-antimalware

版本 1.0.4

许可证 —

累计安装 10

当前安装数 10

历史版本数 5

常见问题