Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

afrocoderhanane/clawguard

Name: clawguard
Author: afrocoderhanane

/SKILL.md

npx skillsauth add afrocoderhanane/clawguard clawguard

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

ClawGuard Security Skill

A security layer that monitors and controls what OpenClaw can do. Think of it as a firewall for your AI assistant.

Description

ClawGuard intercepts all shell commands, file operations, and network requests before OpenClaw executes them. Actions are checked against your security policy and can be:

✅ Allowed — Proceeds immediately
❌ Blocked — Rejected with explanation
👤 Approval Required — Waits for human confirmation

Instructions

Before executing any of the following actions, check with ClawGuard:

Shell Commands

Before running any shell/bash command, call clawguard_check_shell with the command. If blocked, explain why and suggest an alternative.

File Operations

Before reading or writing files, call clawguard_check_file with the path and operation type. Respect blocked paths like ~/.ssh and .env files.

Network Requests

Before making HTTP requests, call clawguard_check_network with the URL. Only access allowed domains.

Skill Wiring — How ClawGuard Integrates into OpenClaw

ClawGuard ships three tool functions that OpenClaw calls before executing any sensitive action. These functions are defined in openclaw-skill/index.ts and registered with OpenClaw's tool system.

Interception Lifecycle

  OpenClaw receives user request
           │
           ▼
  Agent plans an action (shell / file / network)
           │
           ▼
  ┌────────────────────────────────┐
  │  clawguard_check_shell()      │
  │  clawguard_check_file()       │  ◄── one of these is called
  │  clawguard_check_network()    │
  └────────────┬───────────────────┘
               │
               ▼
  ClawGuard lazy-initializes:
    1. Searches for clawguard.yaml (cwd → ~/.config/clawguard/)
    2. Loads policy via loadPolicy()
    3. Creates AuditLogger + TerminalApprovalHandler
    4. Instantiates ClawGuard guard object (cached for lifetime)
               │
               ▼
  Policy Engine evaluates the action against rules
               │
       ┌───────┼───────┐
       ▼       ▼       ▼
    ALLOW   APPROVE   DENY
       │       │       │
       │       │       └──► { allowed: false, reason: "..." }
       │       └──────────► Human prompted → approve/deny
       └──────────────────► { allowed: true, reason: "..." }
               │
               ▼
  OpenClaw reads the result:
    • allowed: true  → execute the action
    • allowed: false → report block to user, suggest alternative

Tool Function Reference

`clawguard_check_shell(command: string)`

Called before every shell/bash command execution.

| Parameter | Type | Description | |-----------|----------|----------------------------------| | command | string | The full shell command to check |

Returns { allowed: boolean, reason: string, requiresApproval?: boolean }

Example flow:

const result = await clawguard_check_shell("rm -rf /tmp/*");
// → { allowed: false, reason: "Blocked by rule: blocked:rm -rf **" }

`clawguard_check_file(filePath: string, operation: 'read' | 'write')`

Called before every file read or write operation.

| Parameter | Type | Description | |-------------|--------------------|---------------------------------| | filePath | string | Absolute or relative file path | | operation | 'read' \| 'write' | Type of file operation |

Returns { allowed: boolean, reason: string }

Example flow:

const result = await clawguard_check_file("~/.ssh/id_rsa", "read");
// → { allowed: false, reason: "Blocked by rule: blocked:~/.ssh/**" }

`clawguard_check_network(url: string)`

Called before every HTTP/network request.

| Parameter | Type | Description | |-----------|----------|----------------------| | url | string | The full URL to check |

Returns { allowed: boolean, reason: string }

Example flow:

const result = await clawguard_check_network("https://evil.com/exfil");
// → { allowed: false, reason: "Domain not in allowlist" }

Python Equivalents

The Python SDK in python/clawguard/guard.py provides the same capabilities via ClawGuard.check_shell(), ClawGuard.check_file_read(), ClawGuard.check_file_write(), and ClawGuard.check_network(). These are async methods with identical semantics to the TypeScript tool functions.

Security Philosophy

Deny by Default — In allowlist mode, anything not explicitly allowed is blocked
Blocked Wins — Block rules take precedence over allow rules
Fail Closed — Errors and timeouts result in denial

Configuration

Edit clawguard.yaml in your project root to customize the security policy. See the full README for complete policy reference.

afrocoderhanane/clawguard

/SKILL.md

Runtime security layer that intercepts shell commands, file operations, and network requests for AI agents

testing

Updated Mar 27, 2026

$ install --global

skillsauth

npx skillsauth add afrocoderhanane/clawguard clawguard

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Mar 30, 2026, 5:26 PM63.1s22 files scanned

SKILL.md

name:: clawguard
description:: Runtime security layer that intercepts shell commands, file operations, and network requests for AI agents
version:: 0.1.0
author:: afroCoderHanane

ClawGuard Security Skill

A security layer that monitors and controls what OpenClaw can do. Think of it as a firewall for your AI assistant.

Description

ClawGuard intercepts all shell commands, file operations, and network requests before OpenClaw executes them. Actions are checked against your security policy and can be:

✅ Allowed — Proceeds immediately
❌ Blocked — Rejected with explanation
👤 Approval Required — Waits for human confirmation

Instructions

Before executing any of the following actions, check with ClawGuard:

Shell Commands

Before running any shell/bash command, call clawguard_check_shell with the command. If blocked, explain why and suggest an alternative.

File Operations

Before reading or writing files, call clawguard_check_file with the path and operation type. Respect blocked paths like ~/.ssh and .env files.

Network Requests

Before making HTTP requests, call clawguard_check_network with the URL. Only access allowed domains.

Skill Wiring — How ClawGuard Integrates into OpenClaw

Interception Lifecycle

  OpenClaw receives user request
           │
           ▼
  Agent plans an action (shell / file / network)
           │
           ▼
  ┌────────────────────────────────┐
  │  clawguard_check_shell()      │
  │  clawguard_check_file()       │  ◄── one of these is called
  │  clawguard_check_network()    │
  └────────────┬───────────────────┘
               │
               ▼
  ClawGuard lazy-initializes:
    1. Searches for clawguard.yaml (cwd → ~/.config/clawguard/)
    2. Loads policy via loadPolicy()
    3. Creates AuditLogger + TerminalApprovalHandler
    4. Instantiates ClawGuard guard object (cached for lifetime)
               │
               ▼
  Policy Engine evaluates the action against rules
               │
       ┌───────┼───────┐
       ▼       ▼       ▼
    ALLOW   APPROVE   DENY
       │       │       │
       │       │       └──► { allowed: false, reason: "..." }
       │       └──────────► Human prompted → approve/deny
       └──────────────────► { allowed: true, reason: "..." }
               │
               ▼
  OpenClaw reads the result:
    • allowed: true  → execute the action
    • allowed: false → report block to user, suggest alternative

Tool Function Reference

`clawguard_check_shell(command: string)`

Called before every shell/bash command execution.

| Parameter | Type | Description | |-----------|----------|----------------------------------| | command | string | The full shell command to check |

Returns { allowed: boolean, reason: string, requiresApproval?: boolean }

Example flow:

const result = await clawguard_check_shell("rm -rf /tmp/*");
// → { allowed: false, reason: "Blocked by rule: blocked:rm -rf **" }

`clawguard_check_file(filePath: string, operation: 'read' | 'write')`

Called before every file read or write operation.

Returns { allowed: boolean, reason: string }

Example flow:

const result = await clawguard_check_file("~/.ssh/id_rsa", "read");
// → { allowed: false, reason: "Blocked by rule: blocked:~/.ssh/**" }

`clawguard_check_network(url: string)`

Called before every HTTP/network request.

| Parameter | Type | Description | |-----------|----------|----------------------| | url | string | The full URL to check |

Returns { allowed: boolean, reason: string }

Example flow:

const result = await clawguard_check_network("https://evil.com/exfil");
// → { allowed: false, reason: "Domain not in allowlist" }

Python Equivalents

Security Philosophy

Deny by Default — In allowlist mode, anything not explicitly allowed is blocked
Blocked Wins — Block rules take precedence over allow rules
Fail Closed — Errors and timeouts result in denial

Configuration

Edit clawguard.yaml in your project root to customize the security policy. See the full README for complete policy reference.

Related Skills

afrocoderhanane/clawguard

testing

VerifiedTrustedCommunity

Runtime security layer that intercepts shell commands, file operations, and network requests for AI agents

SKILL.mdUpdated Mar 27, 2026

afrocoderhanane/clawguard

steipete/skill-creator

testing

VerifiedTrustedCommunity

Create, edit, improve, or audit AgentSkills. Use when creating a new skill from scratch or when asked to improve, review, audit, tidy up, or clean up an existing skill or SKILL.md file. Also use when editing or restructuring a skill directory (moving files to references/ or scripts/, removing stale content, validating against the AgentSkills spec). Triggers on phrases like "create a skill", "author a skill", "tidy up a skill", "improve this skill", "review the skill", "clean up the skill", "audit the skill".

356,423SKILL.mdUpdated Apr 13, 2026

steipete/skill-creator

steipete/healthcheck

testing

VerifiedTrustedCommunity

Host security hardening and risk-tolerance configuration for OpenClaw deployments. Use when a user asks for security audits, firewall/SSH/update hardening, risk posture, exposure review, OpenClaw cron scheduling for periodic checks, or version status checks on a machine running OpenClaw (laptop, workstation, Pi, VPS).

356,423SKILL.mdUpdated Apr 13, 2026

openclaw/skill-creator

testing

VerifiedTrustedCommunity

353,662SKILL.mdUpdated Apr 10, 2026

openclaw/skill-creator

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/afrocoderhanane/clawguard.git

# Copy into Claude Code skills folder (global)
cp -r clawguard/ ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

afrocoderhanane/clawguard

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT