← 返回 Skills 市场
permission guard
作者
billyhetech
· GitHub ↗
· v1.0.0
· MIT-0
81
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install permission-guard-v1
功能描述
Security watchdog for OpenClaw agents that monitors installed skill behavior, detects unauthorized file access, suspicious outbound network calls, dangerous...
安全使用建议
This skill appears to do what it says: local monitoring and reporting of file access, network connections, and suspicious commands. Before installing: (1) Review and accept that it will create ~/.openclaw/permission-guard.log and baseline files and will scan your home directory. (2) Do not run your agent as root solely to enable the watchdog—some checks (like /etc/shadow) require elevation and granting that broadly increases risk. (3) Consider running the script manually first to inspect its output and confirm it behaves as you expect. (4) If you allow autonomous invocation, require the agent to prompt you before running checks that access sensitive areas. If you need stricter guarantees, prefer running the watchdog on-demand or in a limited account rather than granting it elevated system privileges.
功能分析
Type: OpenClaw Skill
Name: permission-guard-v1
Version: 1.0.0
The skill functions as a security watchdog but requires high-risk capabilities, including broad filesystem inspection of sensitive directories (~/.ssh, ~/.aws, ~/.gnupg) and network connection monitoring via 'ss'. While these actions are aligned with its stated purpose of auditing agent behavior, the requirement for extensive shell access and the potential for path injection during the baseline creation step in SKILL.md (using unsanitized skill names in file paths) meet the criteria for a suspicious classification.
能力评估
Purpose & Capability
Name/description match the runtime instructions: the SKILL.md explicitly performs filesystem and network inspection, keeps a local log, and produces permission reports. The requested actions (find, ss, grep, stat, touch, mkdir) are proportionate to a watchdog that monitors agent behavior.
Instruction Scope
Instructions instruct the agent to scan the user's home and review system network state and command logs, and to maintain files under ~/.openclaw. This is within the declared monitoring scope, but the checks reference sensitive paths (e.g., ~/.ssh, ~/.aws, /etc/shadow) and will only be fully effective if the agent has sufficient privileges to see them. The SKILL.md also assumes standard shell tools (find, ss, grep, stat, touch, mkdir) exist but the registry metadata lists no required binaries — a minor mismatch to be aware of.
Install Mechanism
Instruction-only skill with no install spec and no code files. Nothing is downloaded or written beyond the logs and baselines described in the SKILL.md.
Credentials
The skill requests no environment variables, no credentials, and no external config paths. It does not ask for or embed secrets and explicitly states logs remain local.
Persistence & Privilege
The skill writes to ~/.openclaw/permission-guard.log and creates baseline files under ~/.openclaw/baselines; this is reasonable for a watchdog but does create persistent artifacts in the user's home. The skill is not always:true and does not require elevation in its metadata, but to inspect some system files (e.g., /etc/shadow) it would need elevated privileges — avoid running the agent as root unless you understand the implications.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install permission-guard-v1 - 安装完成后,直接呼叫该 Skill 的名称或使用
/permission-guard-v1触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of Permission Guard with security monitoring and audit functionality for OpenClaw agents:
- Monitors skill behavior: tracks file access, outbound network calls, and dangerous command usage.
- Generates activity and permission audit reports, highlighting suspicious or unauthorized actions.
- Maintains a local activity log with rotation and clear event formatting.
- Performs sensitive file access checks, network connection review, dangerous command pattern detection, and behavioral drift analysis.
- Detects and flags critical violations (e.g., credentials read + outbound call) and recommends remediation actions.
- Triggers first-run behavioral baselines when new skills are installed to help identify future anomalies.
- Output includes a clear, user-focused assessment with actionable recommendations.
元数据
常见问题
permission guard 是什么?
Security watchdog for OpenClaw agents that monitors installed skill behavior, detects unauthorized file access, suspicious outbound network calls, dangerous... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 81 次。
如何安装 permission guard?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install permission-guard-v1」即可一键安装,无需额外配置。
permission guard 是免费的吗?
是的,permission guard 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
permission guard 支持哪些平台?
permission guard 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 permission guard?
由 billyhetech(@billyhetech)开发并维护,当前版本 v1.0.0。
推荐 Skills