← Back to Skills Marketplace
Vigil
by
RobinOppenstam
· GitHub ↗
· v0.1.1
1040
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install vigil
Description
AI agent safety guardrails for tool calls. Use when (1) you want to validate agent tool calls before execution, (2) building agents that run shell commands, file operations, or API calls, (3) adding a safety layer to any MCP server or agent framework, (4) auditing what your agents are doing. Catches destructive commands, SSRF, SQL injection, path traversal, data exfiltration, prompt injection, and credential leaks. Zero dependencies, under 2ms.
Usage Guidance
This skill is internally consistent: it provides a small wrapper that calls an npm safety library to evaluate agent tool calls. Before installing or running it, review the vigil-agent-safety package and its GitHub repository (maintainers, recent commits, published code) because the runtime behavior depends entirely on that third‑party package. Pin a specific version, inspect its source code, and install in a sandboxed environment if possible. Note the registry metadata at the top of the skill listing lacked a source/homepage while SKILL.md and _meta.json reference hexitlabs — verify that the npm package and repository URLs match and are legitimate. If you cannot audit the package, avoid installing it on sensitive systems.
Capability Analysis
Type: OpenClaw Skill
Name: vigil
Version: 0.1.1
This skill bundle is designed to provide AI agent safety guardrails, detecting and blocking potentially malicious actions such as destructive commands, data exfiltration, SSRF, and prompt injection. The `SKILL.md` clearly documents its purpose and functionality, and the `scripts/vigil-check.js` wrapper simply integrates the `vigil-agent-safety` npm package to validate agent tool calls. There is no evidence of malicious intent, data exfiltration, unauthorized execution, or prompt injection against the OpenClaw agent within the provided files; instead, the skill actively aims to prevent such behaviors.
Capability Assessment
Purpose & Capability
Name/description match the actual contents: a small CLI wrapper and instructions that call the npm package vigil-agent-safety to evaluate agent tool calls. The dependency on an npm safety library is coherent with the stated purpose.
Instruction Scope
SKILL.md instructs the user to install and use the vigil-agent-safety npm package and shows example usage. The included script only parses args and forwards them to checkAction; it does not read unrelated system files or environment variables. Note: the skill requires the external package to be installed for runtime behavior—if missing the wrapper will error out.
Install Mechanism
No automated install spec is provided; SKILL.md asks you to run npm install for a public npm package. Using a public npm package is a moderate supply-chain risk (expected here), so review the package and its GitHub repo before installing. The install is not via an opaque URL or archive.
Credentials
The skill requests no environment variables, credentials, or config paths. The wrapper and documentation do not reference secrets or unrelated credentials.
Persistence & Privilege
always is false and the skill is user-invocable. The skill does not request permanent presence or modify other skills' configs. It does not attempt to persist credentials or change system-wide settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install vigil - After installation, invoke the skill by name or use
/vigil - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
Fix: clarify npm dependency requirement, fix script reference (.sh → .js), add source/homepage metadata. Addresses ClawdHub security review.
v0.1.0
Initial release: 22 rules, zero deps, under 2ms agent safety guardrails for AI tool calls
Metadata
Frequently Asked Questions
What is Vigil?
AI agent safety guardrails for tool calls. Use when (1) you want to validate agent tool calls before execution, (2) building agents that run shell commands, file operations, or API calls, (3) adding a safety layer to any MCP server or agent framework, (4) auditing what your agents are doing. Catches destructive commands, SSRF, SQL injection, path traversal, data exfiltration, prompt injection, and credential leaks. Zero dependencies, under 2ms. It is an AI Agent Skill for Claude Code / OpenClaw, with 1040 downloads so far.
How do I install Vigil?
Run "/install vigil" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Vigil free?
Yes, Vigil is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Vigil support?
Vigil is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Vigil?
It is built and maintained by RobinOppenstam (@robinoppenstam); the current version is v0.1.1.
More Skills