OpenClaw Security Guard

Use this skill to run fast local security checks before trusting or publishing automation.

What this skill is for

Run this skill when you need to:

• scan suspicious text for prompt injection / secret leakage patterns
• validate shell commands before automation or publishing
• validate URLs for SSRF / localhost / metadata access risks
• validate file paths for traversal / sensitive file access
• audit a skill folder for dangerous scripts, hardcoded secrets, exfiltration patterns, or unsafe install/publish flows
• add a lightweight self-defense layer before using external skills

Workflow

1. Choose the narrowest check needed.
2. Run one of the bundled scripts.
3. Treat BLOCK as stop-work until reviewed.
4. Treat WARN as requiring human review or a narrower sandbox.
5. For skill audits, review the flagged file lines before install/publish.

Bundled scripts

1) Quick text / command / URL / path checks

node {baseDir}/scripts/security-check.mjs text "<content>"
node {baseDir}/scripts/security-check.mjs command "<shell command>"
node {baseDir}/scripts/security-check.mjs url "<url>"
node {baseDir}/scripts/security-check.mjs path "<path>"

2) Skill / folder audit

node {baseDir}/scripts/audit-skill-dir.mjs /absolute/or/relative/path/to/skill

3) Write audit into Obsidian vault

node {baseDir}/scripts/write-obsidian-audit.mjs /tmp/audit.json "Skill Audit - my-skill"

This writes a markdown audit note into the ClawLite Obsidian vault under Security Audits/.

4) Install lightweight local hook wrapper

bash {baseDir}/scripts/install-hooks.sh

This installs a reusable workspace script for prepublish checks.

This audits for:

• hardcoded secrets / tokens
• curl|bash / wget|sh installers
• destructive shell patterns
• risky exfiltration / webhook / netcat usage
• suspicious file targets like ~/.ssh, /etc/passwd, .env, id_rsa

Verdicts

• ALLOW — no high-risk pattern found in this lightweight pass
• WARN — review manually before proceeding
• BLOCK — do not trust / run / publish until reviewed

Important limits

• This is a lightweight guard, not a full sandbox.
• Regex-based detection catches common dangerous patterns, not all attacks.
• A clean result does not prove safety.
• For high-risk code, still prefer human review and runtime isolation.

Publishing / install guard

Before publishing or installing a skill from GitHub / ClawHub:

1. run audit-skill-dir.mjs
2. inspect every WARN / BLOCK
3. only proceed when the remaining risk is understood

References

If you need the audit categories / philosophy, read:

• {baseDir}/references/checklist.md