confidentkai

Safe Guardian

Author kvs-GoN · GitHub · v1.1.1 · MIT-0
cross-platform ⚠ suspicious
101 total downloads
1 favorite
1 current install
3 versions
Install in OpenClaw: /install safe-guardian
Description
A safe security layer plugin for OpenClaw that intercepts dangerous tool calls (exec, write, edit) through multi-layer blacklist/whitelist filtering and inte...
Safe usage recommendations
This package implements local blacklist/whitelist checks and logging, but there are several red flags you should consider before installing or enabling it:
- Documentation mismatch: SKILL.md repeatedly describes LLM-based intent validation and shows an apiKey field, but the shipped code performs only local regex checks and does not use any API keys or network calls. Treat LLM-related claims as unimplemented until the author updates the code.
- API mismatch: Examples in the README call checkToolCall with a tool type and options object, while the actual implementation expects a single string. Your integrations may break if you rely on the documented API.
- Silent overwrite risk: Initializing SafeGuardian will unconditionally write ./config/blacklist.json (createDefaultBlacklist), overwriting any existing blacklist file in that path. Run it in a sandbox first; do not run it from a directory containing important configs or as root.
- File writes and logs: The module creates ./config and ./logs/guardian and appends to a log file. Ensure the working directory is safe and that log/config locations are acceptable for your environment.
- Testing recommendations: Run the package in an isolated environment (container or VM) and review its behavior: confirm whether it overwrites configs, verify API semantics, and ensure it won't be invoked with sensitive working directories.
If you expect LLM-based intent checks, request that the author implement and document secure LLM integration (network calls, explicit env var requirements, and opt-in behavior) before trusting the skill for production use. Given these inconsistencies, do not deploy this skill to production or give it autonomous privileges until the author resolves the documentation/implementation mismatches and provides safer initialization behavior (e.g., only create the default config when no config file exists, or prompt/backup the existing config).
Functional analysis
Type: OpenClaw Skill
Name: safe-guardian
Version: 1.1.1
The 'safe-guardian' skill is a security utility designed to intercept and filter potentially dangerous tool calls (like shell execution or file modifications) using blacklists, whitelists, and audit logging. The implementation in index.js and the configurations in config/blacklist.json and config/whitelist.json are consistent with the stated purpose in SKILL.md, and no evidence of data exfiltration, malicious execution, or prompt injection was found.
Capability assessment
Purpose & Capability
Name/description match the code's primary behavior: local blacklist/whitelist checks, intent heuristic, and audit logging. However, the README/SKILL.md repeatedly claims 'LLM-based intent validation' and shows an 'llm.apiKey' field; the included code performs only local regex checks and does not call any external LLM or use API keys. That claim is inconsistent with the implementation.
Instruction Scope
SKILL.md shows code samples calling guardian.checkToolCall('exec', { command: '...' }) and demonstrates an API-key-driven LLM config. The shipped implementation exposes checkToolCall(toolCall), which expects a single string (test.js uses a single string). The SKILL.md examples and the real API do not match. Additionally, SKILL.md suggests LLM intent validation and apiKey configuration, but the runtime instructions do not correspond to the actual code paths, which gives the agent incorrect runtime expectations.
Install Mechanism
No external install script or remote downloads are present; the package is self-contained JavaScript with package.json and local config files. There is no network-downloading install step. This is low installation risk.
Credentials
SKILL.md references an LLM model and apiKey (e.g., qwen2.5:3b and 'apiKey'), implying credential usage, but the package declares no required env vars and the code does not read environment variables or make network calls. The documentation promising external LLM integration is not reflected in the code, a mismatch that could mislead users about what secrets are needed or used.
Persistence & Privilege
The module writes files on initialization and will create ./config and ./logs directories. Critically, initialize() always calls createDefaultBlacklist(), which unconditionally writes ./config/blacklist.json with default rules and replaces any existing file; this can overwrite user-managed config without warning. The package does not request elevated system privileges, but its file-write behavior is potentially destructive and surprising.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Type the install command in the chat box: /install safe-guardian
  3. After installation, call the Skill by name directly or trigger it with /safe-guardian
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history
v1.1.1
- ✨ Added detailed Chinese documentation and usage examples
- ✨ Improved the safety scoring algorithm
- ✨ Optimized the audit logging feature
- 🐛 Fixed some regex matching issues
v1.1.0
**Safe Guardian 1.1.0** – Multi-layer security enforcement and audit for OpenClaw tool calls
- Adds comprehensive multi-mode filtering (strict, loose, hybrid) with layered blacklist/whitelist support and rule customization
- Introduces LLM-based intent validation for detecting malicious or unsafe tool usages
- Provides extensive audit logging with export and query features for all tool invocation attempts
- Enables flexible configuration via code or config files, including safety levels, patterns, and audit controls
- Supplies safety scoring, reporting, and a developer-focused API for integration and testing
v1.0.0
Initial release of safe-guardian.
- Provides a security layer for OpenClaw to intercept dangerous tool calls (exec, write, edit).
- Implements two-level blacklist filtering, whitelist support, and intent validation for safety.
- Generates comprehensive audit logs for all operations.
- Allows customizable security strategy and configurable risk levels.
- Includes sample usage and configuration file paths for blacklist and whitelist management.
Metadata
Slug: safe-guardian
Version: 1.1.1
License: MIT-0
Total installs: 1
Current installs: 1
Version count: 3
FAQ

What is Safe Guardian?

A safe security layer plugin for OpenClaw that intercepts dangerous tool calls (exec, write, edit) through multi-layer blacklist/whitelist filtering and inte... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 101 downloads to date.

How do I install Safe Guardian?

Run the command "/install safe-guardian" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is Safe Guardian free?

Yes, Safe Guardian is completely free, released under the MIT-0 license, and can be freely downloaded, installed and used.

Which platforms does Safe Guardian support?

Safe Guardian is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Safe Guardian?

Developed and maintained by kvs-GoN (@confidentkai); the current version is v1.1.1.
