neil-njcn/xclaw-ag-tool-guard
/SKILL.md
# xclaw-ag-tool-guard > **Framework:** [XClaw AgentGuard v2.3.1](https://github.com/neil-njcn/xclaw-agentguard-framework) Tool invocation validation for OpenClaw agents. Prevents dangerous commands and policy violations. ## Installation ```bash openclaw skills install https://github.com/neil-njcn/xclaw-ag-tool-guard.git ``` ## Usage ```python from xclaw_ag_tool_guard import ToolGuard guard = ToolGuard() result = guard.validate("exec", {"command": "ls -la"}) if result.allowed: execute
tools
Updated Apr 8, 2026
$ install --global
skillsauthnpx skillsauth add neil-njcn/xclaw-ag-tool-guard xclaw-ag-tool-guardInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 8, 2026, 2:11 AM4.8s9 files scanned
SKILL.md
xclaw-ag-tool-guard
Framework: XClaw AgentGuard v2.3.1
Tool invocation validation for OpenClaw agents. Prevents dangerous commands and policy violations.
Installation
openclaw skills install https://github.com/neil-njcn/xclaw-ag-tool-guard.git
Usage
from xclaw_ag_tool_guard import ToolGuard
guard = ToolGuard()
result = guard.validate("exec", {"command": "ls -la"})
if result.allowed:
execute_tool()
else:
block_tool(result.reason)
Core Principle
Every tool is a capability. Every capability is a risk.
Validate before invoking ANY tool.
Dangerous Patterns (BLOCK)
rm -rf /,mkfs,format /sudo,su -, privilege escalationnc -e /bin/sh, reverse shellscurl ... | bash, remote code execution
Detectors
- CommandInjectionDetector: Shell metacharacters, injection attempts
- PathTraversalDetector: Directory escape, sensitive paths
Response Protocol
| Risk Level | Action | Response | |------------|--------|----------| | Critical | Block | Command blocked | | High | Block | Dangerous pattern detected | | Medium | Warn | Suspicious pattern | | Low | Log | Allow, log for analysis |
Integration Note
openclaw.register_interceptor() is not implemented. Use manual guard.validate() as shown above.
License
MIT License
Related Skills
openclaw/taskflow
tools
VerifiedTrustedCommunity
Use when work should span one or more detached tasks but still behave like one job with a single owner context. TaskFlow is the durable flow substrate under authoring layers like Lobster, ACPX, plugins, or plain code. Keep conditional logic in the caller; use TaskFlow for flow identity, child-task linkage, waiting state, revision-checked mutations, and user-facing emergence.
357,764SKILL.mdUpdated Apr 10, 2026
openclaw/extensions/lobster
tools
VerifiedTrustedCommunity
# Lobster Lobster executes multi-step workflows with approval checkpoints. Use it when: - User wants a repeatable automation (triage, monitor, sync) - Actions need human approval before executing (send, post, delete) - Multiple tool calls should run as one deterministic operation ## When to use Lobster | User intent | Use Lobster? | | ------------------------------------------------------ | --------------------------
357,764SKILL.mdUpdated Apr 10, 2026
steipete/extensions/lobster
tools
VerifiedTrustedCommunity
# Lobster Lobster executes multi-step workflows with approval checkpoints. Use it when: - User wants a repeatable automation (triage, monitor, sync) - Actions need human approval before executing (send, post, delete) - Multiple tool calls should run as one deterministic operation ## When to use Lobster | User intent | Use Lobster? | | ------------------------------------------------------ | --------------------------
357,588SKILL.mdUpdated Apr 13, 2026
steipete/xurl
tools
VerifiedTrustedCommunity
A CLI tool for making authenticated requests to the X (Twitter) API. Use this skill when you need to post tweets, reply, quote, search, read posts, manage followers, send DMs, upload media, or interact with any X API v2 endpoint.
356,423SKILL.mdUpdated Apr 13, 2026