clawguardian

What This Skill Does

ClawGuardian is a robust, local-first security scanning agent designed specifically for the OpenClaw ecosystem. It operates as an autonomous security layer, inspecting both real-time communication streams and background workspace activities to identify malicious intent. By utilizing a sophisticated set of regex-based signature matching, the tool detects common attack vectors such as prompt injection attempts, sensitive credential exfiltration, malicious tool abuse, and social engineering manipulations. Because it runs entirely offline within your local environment, your sensitive conversation logs and file contents remain private, ensuring security without sacrificing data sovereignty.

Installation

Installation is managed through the OpenClaw skill ecosystem to ensure version compatibility. First, navigate to your local skill directory: cd ~/.openclaw/skills/guardian. Execute the installation script with ./install.sh. For users who require automated oversight, the optional helper script python3 scripts/onboard.py --setup-crons can be utilized to automate threat reports and periodic system digests. Once installed, verify the integrity of the setup by running python3 scripts/admin.py status and ensure the threat signatures are correctly loaded using python3 scripts/admin.py threats.

Use Cases

ClawGuardian is essential for power users and developers managing OpenClaw agents that handle external inputs. It is most effective in:

1. Guarding against prompt injection: Preventing users from overriding system instructions or accessing restricted internal commands.
2. Data Leakage Prevention: Scanning workspace files for inadvertent inclusion of API keys, tokens, or personal identifiers before they are processed by the LLM.
3. Compliance Monitoring: Maintaining a secure environment by logging all blocked attempts for audit purposes.
4. Automated Threat Hunting: Performing batch scans on large file repositories to ensure no dormant social engineering patterns exist within your documentation or local knowledge base.

Example Prompts

1. "Check the current system status and display all security threats detected in the last 24 hours in JSON format."
2. "Guardian, please perform a full batch scan of the current workspace files to identify potential sensitive data exposure."
3. "Update the threat definitions to the latest version and clear the current history of blocked signature hits."

Tips & Limitations

To maximize the efficacy of ClawGuardian, always configure the scan_paths in config.json precisely. Avoid scanning large directories with unnecessary binary files to prevent performance bottlenecks. Note that because this tool uses regex-based signatures, it is highly effective against known patterns but may miss novel, zero-day obfuscation techniques that do not match existing definitions. Always keep the threat definitions updated using the admin CLI. If you encounter false positives, utilize the allowlist functionality to mark trusted phrases, ensuring that your workflow remains uninterrupted while maintaining a strong security posture.