permission-guard
Security watchdog for OpenClaw agents that monitors installed skill behavior, detects unauthorized file access, suspicious outbound network calls, dangerous command patterns, and generates permission audit reports. Use this skill whenever the user asks about agent activity ("what did my agent do", "check what my skill accessed", "monitor agent permissions", "permission report", "activity log", "did my agent do anything weird", "skill behavior audit", "what files did my agent touch"), after installing a new skill to establish a behavior baseline, or when suspicious or unexpected behavior is suspected. Trigger proactively after any skill installation — a first-run baseline check is always worthwhile.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/billyhetech/permission-guard-v1
Permission Guard
A runtime security watchdog for OpenClaw agents. Its purpose is to give users clear visibility into what their installed skills are actually doing — catching unexpected file access, suspicious network calls, dangerous commands, or behavior that goes beyond a skill's declared purpose.
Behavior Log
Maintain a running log at ~/.openclaw/permission-guard.log. Record each notable agent action in this format:
[ISO-8601 timestamp] SKILL:[skill-name] ACTION:[file|network|command] TARGET:[path/url/cmd] STATUS:[ok|flagged|blocked]
Keep log files under 10MB — rotate monthly by renaming the old file to permission-guard.log.YYYY-MM. The log stays local and is never transmitted externally.
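One way to write entries in this format, as an added example that is not the skill's own code: it escapes control characters in skill-supplied strings so an embedded newline cannot start a forged entry, rotates by month, and creates the log owner-only. The function names are hypothetical, and the 0600 file mode is an assumption the page does not state.

```python
import os
import re
from datetime import datetime, timezone

ACTIONS = {"file", "network", "command"}
STATUSES = {"ok", "flagged", "blocked"}

def format_entry(skill, action, target, status, now=None):
    """Build one line in the page's log format."""
    if action not in ACTIONS or status not in STATUSES:
        raise ValueError("unknown ACTION or STATUS value")
    now = now or datetime.now(timezone.utc)
    # Skill names and targets come from the code being monitored. Escape
    # control characters so an embedded newline cannot begin a forged entry.
    skill = re.sub(r"[^A-Za-z0-9._-]", "_", skill)
    target = re.sub(r"[\x00-\x1f\x7f]", lambda m: f"\\x{ord(m.group()):02x}", target)
    stamp = now.isoformat(timespec="seconds")
    return f"[{stamp}] SKILL:{skill} ACTION:{action} TARGET:{target} STATUS:{status}"

def rotate_monthly(path, now=None):
    """Rename a log last written in an earlier month to <path>.YYYY-MM; return the new name or None."""
    now = now or datetime.now(timezone.utc)
    if not os.path.exists(path):
        return None
    written = datetime.fromtimestamp(os.path.getmtime(path), timezone.utc)
    if (written.year, written.month) == (now.year, now.month):
        return None
    rotated = f"{path}.{written:%Y-%m}"
    os.rename(path, rotated)
    return rotated

def append_entry(path, skill, action, target, status, now=None):
    """Rotate if the month changed, then append one entry to an owner-only file."""
    rotate_monthly(path, now)
    # Assumption: mode 0600, so other local users cannot read or edit the log.
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "a", encoding="utf-8") as log:
        log.write(format_entry(skill, action, target, status, now) + "\n")
```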
Security Checks
Run all four checks when producing a report, then summarize findings together.
Check 1 — Sensitive File Access
Look for recent touches to credential and configuration files:
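# First run: create the reference file (find fails silently without it); this run only sets the baseline
[ -e ~/.openclaw/last-check ] || { mkdir -p ~/.openclaw && touch ~/.openclaw/last-check; }
# -newer compares modification times, so files that were only read do not appear here
find ~ -newer ~/.openclaw/last-check -type f 2>/dev/null \
| grep -E '(\.ssh|\.aws|\.gnupg|\.config/gcloud|\.gitconfig|/etc/passwd|/etc/shadow|Library/Keychains|\.config/google-chrome|\.mozilla)' \
| head -30
# Update timestamp after check:
touch ~/.openclaw/last-check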
Flag any match. The risk is concrete: a rogue skill reading ~/.ssh/id_rsa while appearing to do something routine is a classic credential exfiltration path.
Check 2 — Outbound Network Connections
Review active and recent connections:
ss -tnp 2>/dev/null | grep -Ev '(127\.0\.0\.1|::1|LISTEN)'
Flag connections to:
- Unrecognized IPs or domains not associated with the skill's declared APIs
- Known data-sharing services (pastebin, webhook.site, file-sharing hosts)
- Any plaintext (non-HTTPS) connection carrying data
Check 3 — Dangerous Command Patterns
Check the log for commands that signal permission abuse:
grep -E '(rm\s+-rf|chmod\s+777|curl.+\|\s*(ba)?sh|wget.+\|\s*(ba)?sh|crontab\s+-[el]|useradd|sudo\b)' \
~/.openclaw/permission-guard.log 2>/dev/null | tail -20
These patterns don't automatically mean malicious intent, but each warrants a prompt explanation to the user before proceeding.
Check 4 — Behavioral Drift
Compare what a skill actually did against what its name and description promise. The principle: a skill should only do what its declared purpose suggests.
Examples worth flagging:
- A "weather" skill writing to the filesystem
- An "email" skill accessing SSH keys
- A "calendar" skill running arbitrary shell commands
- Any skill POSTing data to a URL not listed in its declared API set
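A sketch of how the drift comparison can be automated over the behavior log, as an added example that is not the skill's own code. The `DECLARED` table, its keys, the function names and the `.example` hosts are hypothetical, and the log lines are constructed samples in the page's format.

```python
import posixpath
import re
from urllib.parse import urlsplit

# TARGET may contain spaces (shell commands), so it is matched greedily up to
# the final STATUS field instead of splitting the line on whitespace.
LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] SKILL:(?P<skill>\S+) ACTION:(?P<action>file|network|command) "
    r"TARGET:(?P<target>.*) STATUS:(?P<status>ok|flagged|blocked)$")

# Hypothetical declarations (not an OpenClaw format): what each skill may touch.
DECLARED = {
    "weather": {"hosts": {"api.weather.example"}, "dirs": (), "commands": False},
    "email": {"hosts": {"imap.mail.example"}, "dirs": ("~/.openclaw/email",), "commands": False},
}

def drift_reason(entry, declared=DECLARED):
    """Return why a log entry exceeds its skill's declaration, or None if it fits."""
    policy = declared.get(entry["skill"])
    if policy is None:
        return "no declaration on record"
    if entry["action"] == "command":
        return None if policy["commands"] else "shell command not declared"
    if entry["action"] == "file":
        # Normalize first so "dir/../../.ssh" cannot pass a prefix comparison.
        path = posixpath.normpath(entry["target"])
        inside = any(path == d or path.startswith(d + "/") for d in policy["dirs"])
        return None if inside else f"file outside declared dirs: {path}"
    host = urlsplit(entry["target"]).hostname
    return None if host in policy["hosts"] else f"host not declared: {host}"

def audit(lines):
    """Return (skill, reason) for every entry that is unparseable or out of scope."""
    findings = []
    for line in lines:
        m = LINE.match(line.rstrip("\n"))
        if m is None:
            findings.append(("?", "unparseable line"))
        elif (reason := drift_reason(m.groupdict())) is not None:
            findings.append((m["skill"], reason))
    return findings

# Constructed sample entries in the page's log format.
SAMPLE = [
    "[2025-01-05T10:00:00Z] SKILL:weather ACTION:network TARGET:https://api.weather.example/v1/forecast STATUS:ok",
    "[2025-01-05T10:00:02Z] SKILL:weather ACTION:file TARGET:~/notes/out.txt STATUS:ok",
    "[2025-01-05T10:01:00Z] SKILL:email ACTION:file TARGET:~/.openclaw/email/../../.ssh/id_rsa STATUS:ok",
    "[2025-01-05T10:01:05Z] SKILL:email ACTION:command TARGET:crontab -l STATUS:ok",
    "[2025-01-05T10:02:00Z] SKILL:weather ACTION:network TARGET:https://paste.example/upload STATUS:ok",
]
```

Calling `audit(SAMPLE)` returns four findings; the first entry, a request to the weather skill's declared host, produces none.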
Output Format
Produce this report structure, omitting sections that have no events:
🛡️ Permission Guard — Activity Report
════════════════════════════════════════
Period: [start] → [end]
Skills monitored: [N]
✅ Normal Activity ([X] events)
[skill-name]: [description of expected action]
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-billyhetech-permission-guard-v1": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Related Skills
smart-summarizer
Summarizes URLs, articles, YouTube videos, PDFs, and pasted text into a structured digest with TL;DR, key takeaways, and action items. Use this skill whenever the user shares a link, pastes a long block of text, says "summarize", "TL;DR", "give me the key points", "what does this say", "read this for me", or "is this worth reading". Also activate when a user shares a URL without any instruction — sharing a link without comment almost always means they want to know what's in it. Supports English and Chinese content.
openclaw-hardening
Audit and harden an OpenClaw installation for common security misconfigurations. Covers non-loopback binding, exposed gateway listeners, root or Administrator execution, missing authentication, overly permissive tool policies, open DM access, plaintext API keys, and insecure file permissions. Use this skill whenever the user asks to secure OpenClaw, review a first-time setup, check whether a config is safe, audit local exposure, fix risky defaults before installing more skills, or asks "is my openclaw setup safe", "openclaw config audit", or "harden openclaw". Proactively offer to run this audit whenever the user mentions setting up or reconfiguring OpenClaw.
basic-memory
Gives your OpenClaw agent persistent memory across conversations by organizing entries in the native MEMORY.md and daily memory files. Automatically loads saved context at session start and saves important facts, decisions, and preferences during conversation. Use this skill whenever users say 'remember this', 'save this', 'don't forget', 'note that', 'what do you remember', 'forget [topic]', or when you detect they've shared something worth keeping — even if they don't explicitly ask. Also activate automatically at the start of every new session to load prior context.
personal-context
Builds a personal profile for your OpenClaw agent so it knows your name, role, timezone, goals, and communication style. Automatically triggers a short friendly onboarding when the agent meets you for the first time. Use this skill when users say 'update my profile', 'edit my preferences', 'who am I to you', 'what do you know about me', 'personalize your responses', or whenever you detect it's a first session and no profile exists yet. Also activate when users express that the agent's tone or style feels off.
skill-scanner
Security-first skill vetting for AI agents on OpenClaw and Claude Code. Scans any SKILL.md for malicious patterns, permission abuse, prompt injection, and ClawHavoc attack vectors — then gives a clear Safe / Caution / Danger verdict. Use this skill whenever the user wants to install, review, vet, or audit a skill from ClawHub, GitHub, or any other source; asks "is this skill safe?", "should I install this?", "scan/check/vet this skill", "review skill before installing"; shares a SKILL.md file or skill URL; or pastes skill content for evaluation. Proactively offer to scan any skill the user mentions installing, even if they don't explicitly ask for a security check.