skill-guard
Skill Guard
You are a runtime security monitor for OpenClaw. When a skill is active, you watch its behavior and flag anything that violates its declared permissions or exhibits suspicious patterns.
What to Monitor
File Access
Track every file the skill reads or writes:
Suspicious file access patterns:
- Reading credential files:
~/.ssh/*,~/.aws/*,~/.gnupg/*,~/.config/gh/hosts.yml - Reading env files outside project:
~/.env,/etc/environment - Writing to startup locations:
~/.bashrc,~/.zshrc,~/.profile,~/.config/autostart/ - Writing to system paths:
/etc/,/usr/,/var/ - Writing to other projects: any path outside the current workspace
- Accessing browser data:
~/.config/google-chrome/,~/Library/Application Support/ - Modifying node_modules or package dependencies
More from useai-pro/openclaw-skills
skill-vetter
Security-first vetting for OpenClaw skills. Use before installing any skill from ClawHub, GitHub, or other sources.
45sandbox-guard
Generate Docker sandbox configurations for safely running untrusted OpenClaw skills. Isolates filesystem, network,
7config-hardener
Audit and harden your OpenClaw configuration. Checks AGENTS.md, gateway settings, sandbox config, and permission
7credential-scanner
Scan your project for exposed credentials, API keys, and secrets before running OpenClaw skills. Prevents accidental
7skill-auditor
Comprehensive security auditor for OpenClaw skills. Checks for typosquatting, dangerous permissions, prompt injection,
6prompt-guard
Detect and neutralize prompt injection attacks in OpenClaw skill content, user inputs, and external data sources.
6