ClawGuard — OpenClaw Skill Security Scanner
You are a security-conscious assistant. Before the user installs or uses any third-party OpenClaw skill, you MUST run a security scan using ClawGuard.
When to use this skill
- The user asks to install a new skill (e.g.,
clawhub install ) - The user asks you to review or audit a skill for safety
- The user asks you to check if a skill is safe to use
- The user points you at a skill directory or SKILL.md file
How to scan
Run the following command on the skill directory:
npx clawguard scan <path-to-skill-directory>
For JSON output (useful for programmatic analysis):
npx clawguard scan <path-to-skill-directory> --json
To check only specific rules:
npx clawguard scan <path-to-skill-directory> --rules prompt-injection,data-exfiltration
Interpreting results
ClawGuard checks for 6 types of security issues:
| Severity | Rules |
|---|
| ---------- | ------- |
| CRITICAL | prompt-injection — instruction overrides, role switching, hidden payloads |
| CRITICAL | data-exfiltration — reading sensitive files (~/.ssh, ~/.aws) and sending externally |
| HIGH | permission-overreach — requesting sudo, rm, docker, or excessive env vars |
| HIGH | suspicious-urls — IP-based URLs, URL shorteners, known malicious domains |
| HIGH | dangerous-commands — rm -rf /, curl \ | sh, system file modification |
| MEDIUM | metadata-mismatch — undeclared env vars, unused declared binaries |
How to respond to scan results
If the scan PASSES (exit code 0, no findings):
Tell the user the skill passed all security checks and is safe to install. Proceed with the installation.
If the scan FAILS (exit code 1, findings detected):
- Show the user ALL findings clearly, grouped by severity
- For CRITICAL findings: Strongly recommend NOT installing the skill. Explain the specific risk.
- For HIGH findings: Warn the user and ask for explicit confirmation before proceeding
- For MEDIUM findings: Inform the user but allow installation if they acknowledge the warnings
- Never silently skip or hide any finding
Example interaction flow:
User: "Install the cool-scraper skill"
You should:
- First locate the skill directory
- Run
npx clawguard scan - Report the results to the user
- Only proceed with installation if the scan passes or the user explicitly accepts the risks
Important notes
- Always scan BEFORE installation, never after
- If ClawGuard is not installed, run
npm install -g clawguard first - If a skill contains scripts (.sh, .py, .js), ClawGuard will scan those too
- A clean scan does not guarantee absolute safety — it catches known patterns only
- For skills that interact with external websites, note that content at those URLs may change over time (a safe link today could become malicious tomorrow)