Runtime Security Guard (English)

Enterprise-grade AI runtime security protection v2.1. Provides 410+ security rules with cross-platform detection (Windows/macOS/Linux), detecting 10 categori...

What to check before installing: - Verify the repository owner and source: confirm the GitHub repo (https://github.com/nanlin300624/runtime-security-guard) is trustworthy and review author identity and issues/commits. Do not trust the skill solely because it is on GitHub. - Do NOT run curl | bash on a raw URL without auditing the script. Instead clone the repo and inspect install-no-sudo.sh and other scripts locally before running. Prefer building locally (npm install; npm run build) in an isolated environment. - Confirm runtime requirements: the code and docs require Node.js 18+. The registry metadata does not declare this — ensure your environment meets the declared prerequisites and that the manifest is corrected. - Audit network behavior: search the code for webhook, HTTP client, remote endpoints, and any code paths that send detection logs or captured data off-host. Ensure default config does not enable external webhooks or 'save configuration online'. - Review honeypot functionality and default rule configs: honeypots that intentionally collect tokens (GitHub/OpenAI/AWS/etc.) are plausible for testing but can capture sensitive secrets and store them in logs. Verify what is captured, where logs are written, who can access them, and whether any aggregation/exfiltration is present. - Inspect SKILL.md and other docs for embedded prompt-injection examples or obfuscated characters. Treat those sections as test data only and ensure they are not executed or injected into runtime agents. - Run the skill first in an isolated sandbox or test account (not on production or with privileged secrets) and monitor outbound network connections during operation. - If you plan to use in production, require an internal security/code review: check install scripts, manage the web dashboard binding (ensure it does not expose to the network by default), review storage of logs, and disable any remote reporting until verified. If you want, I can: - list the files that call external network functions/webhooks and show those code snippets, - extract and display the install-no-sudo.sh content for quick review, - or search the repo for occurrences of 'webhook', 'http', 'curl', 'token', 'key', and 'ssh' to pinpoint high-risk code. (This would help raise confidence one way or the other.)

Type: OpenClaw Skill Name: runtime-security-guard-en Version: 2.1.0 The bundle is an extensive security monitoring suite (EDR-like) for AI agents that requires broad system permissions to function. It includes modules for monitoring network connections (src/monitor/network-monitor.ts), process behaviors (src/monitor/process-monitor.ts), and file integrity (src/monitor/file-integrity.ts), and even attempts to read the macOS TCC database (src/monitor/macos/permissions-monitor.ts). While its source code appears aligned with its defensive stated purpose, the recommended installation method via 'curl | bash' from an external GitHub repository (SKILL.md, install-no-sudo.sh) is a high-risk pattern. Additionally, it starts a local web server (scripts/web-admin-modern.js) to provide a dashboard, which exposes system logs and statistics via API endpoints, potentially increasing the local attack surface.