Runtime security guardrails for OpenClaw agents. Protects against prompt injection, excessive agency, cost runaway, credential leaks, and cascade effects. In...
Security Analysis
High confidence: The skill's requirements, instructions, and included script are coherent with its stated purpose as a runtime security guardrail and do not request unrelated credentials or perform hidden downloads.
Name/description (runtime guardrails, audits, setup wizard) match the actual instructions: audit commands, advice, a setup wizard that appends guardrails to AGENTS.md, and an optional local firewall script. No unrelated credentials, binaries, or external services are requested.
Runtime instructions stay on-purpose: detect/ignore prompt injection, require explicit approval for high-risk actions, perform audits, and optionally append AGENTS.md or schedule a cron job. They reference local checks (proc, whoami, /tmp/openclaw) and OpenClaw CLI usage only. The one persistent action (append AGENTS.md) and the optional cron are explicit and require user confirmation in the workflow.
No remote install spec or downloads. The only code file is a local install.sh that defaults to a plan-only (no-change) mode and only applies UFW changes when run with --apply-firewall and after user confirmation. No archive extraction or external URLs are used.
The skill declares no required environment variables or credentials. The guidance around credentials is conservative (refer to env var names, confirm presence without printing values). There are no disproportionate secret requests.
The setup wizard can append guardrails to AGENTS.md and optionally schedule a cron job (both persistent changes). These actions are explicit in the workflow and require user consent; review what will be written and the cron payload before agreeing.
Guidance
This skill appears to be what it says: a set of guardrails plus a safe, plan-only install script. Before installing/running:
1) Open SKILL.md and the AGENTS.md patch it will append and confirm you like the exact content;
2) If you run scripts/install.sh, run it first without --apply-firewall to inspect the printed commands; only run --apply-firewall if you have console/backdoor access and understand the UFW commands;
3) Review the cron payload and be comfortable with scheduling a periodic 'openclaw security audit';
4) Confirm that the 'openclaw security audit --fix' behavior is acceptable (it will change OpenClaw defaults and file permissions per the doc); and
5) Although the pre-scan flagged a prompt-injection phrase, it is used here as an example to detect attacks; still review the content for any unexpected outbound endpoints or hidden commands before granting persistent changes.
Latest Release
v2.2.0
v2.2: Defense-in-depth skill vetting. ClawHub scans can have false negatives, so the skill now includes Layer 2 self-inspection with grep patterns for dangerous code. Added a decision matrix. Update checks now include diff inspection for new dangerous patterns. Added paranoid mode for production.
Published by @Kevjade on ClawHub