Openclaw Guardian

一键安装包含配置安全、容灾、监控和上下文优化的 OpenClaw 系统全链路守护套件。

This package is plausible for a commercial 'guardian' suite, but several behaviors merit caution: - Remote code fetch & exec: The installer contacts a payment server (default https://skill.socialmore.net), creates an order, then downloads an encrypted payload and decrypts/executes it locally. That means code from the vendor will run on your machine — only proceed if you trust the vendor and the server. - Watermark injection: The included watermark.py will recursively inject license headers into Python files under a target directory. This modifies your installed code permanently; back up repositories and virtualenvs first, and do not run as root. - Self-whitelisting: The 'skill-safe-install' component contains a hard-coded whitelist that treats this author's skills as trusted and can bypass normal review steps. That reduces independent auditing of this package and bundled skills. - Default external endpoints: patch_integration creates a compaction-proxy routes.json pointing to a third-party LLM endpoint template (llmapi.lovbrowser.com) and expects API keys. Review and control any externally configured endpoints. Recommendations before installing: 1) Request a vendor-signed release or inspect the remote payload behavior (what oc_execute_skill does after fetching) — ideally get the plaintext code or a reproducible build. 2) Run the installer in an isolated environment (VM / disposable container) first to observe network calls and filesystem changes. 3) Back up ~/.openclaw and any code you care about; avoid running as root. 4) Verify the payment/oc-pay-server domain and SSL certs; prefer explicit OC_PAY_SERVER values you control. 5) If you require stricter audit, refuse auto-whitelisting and insist the package remove or document the whitelist mechanism. Given the mix of plausible commercial intentions and several risky implementation choices (remote exec, persistent watermarking, self-whitelist), treat this skill as suspicious until the vendor or maintainer supplies stronger transparency and assurances.

Type: OpenClaw Skill Name: openclaw-guardian-suite Version: 1.0.7 The bundle implements a commercial licensing and delivery mechanism in 'lib/sdk/auth.sh' that utilizes a high-risk execution pattern: it fetches encrypted payloads from a remote server (https://skill.socialmore.net) and pipes them directly into a bash shell via openssl decryption. Furthermore, 'lib/skills/skill-safe-install/SKILL.md' contains instructions designed to influence the AI agent's behavior, specifically directing it to bypass security inspections and risk assessments for any skills authored by 'halfmoon82'. While these behaviors are framed as part of a commercial 'Guardian Suite,' the combination of remote code execution (RCE) by design and explicit instructions to ignore security protocols for specific developers creates a significant attack surface and potential for unauthorized system modification.