{"id":50543486,"url":"https://github.com/x-rayluan/openclaw-security-guard","last_synced_at":"2026-06-03T22:01:00.642Z","repository":{"id":344572313,"uuid":"1181858469","full_name":"X-RayLuan/openclaw-security-guard","owner":"X-RayLuan","description":"Fast local security checks before trusting, installing, or publishing automation.","archived":false,"fork":false,"pushed_at":"2026-03-15T09:50:07.000Z","size":9,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-15T22:53:21.810Z","etag":null,"topics":["openclaw","path-traversal","prompt-injection","secret-detection","security","skill-audit","ssrf"],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/X-RayLuan.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-14T18:09:13.000Z","updated_at":"2026-03-15T09:54:56.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/X-RayLuan/openclaw-security-guard","commit_stats":null,"previous_names":["x-rayluan/openclaw-security-guard"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/X-RayLuan/openclaw-security-guard","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/X-RayLuan%2Fopenclaw-security-guard","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/X-RayLuan%2Fopenclaw-security-guard/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/X-RayLuan%2Fopenclaw-security-guard/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/X-RayLuan%2Fopenclaw-security-guard/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/X-RayLuan","download_url":"https://codeload.github.com/X-RayLuan/openclaw-security-guard/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/X-RayLuan%2Fopenclaw-security-guard/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33881107,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-03T02:00:06.370Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["openclaw","path-traversal","prompt-injection","secret-detection","security","skill-audit","ssrf"],"created_at":"2026-06-03T22:00:59.354Z","updated_at":"2026-06-03T22:01:00.612Z","avatar_url":"https://github.com/X-RayLuan.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# OpenClaw Security Guard\n\n**Fast local security checks before you trust, install, or publish automation.**\n\n`openclaw-security-guard` helps you scan prompts, shell commands, URLs, paths, and third-party skill folders for obvious security risks before they turn into expensive mistakes.\n\n**Best for:** prompt/command safety checks, skill audits, secret leakage checks, and pre-publish guardrails.\n\n---\n\n# Why teams use it\n\n- Catch common prompt-injection and exfiltration patterns early\n- Review shell commands before automating them\n- Block risky URLs and path traversal targets\n- Audit third-party skill folders before install or publish\n- Add a lightweight guardrail before ClawHub / GitHub releases\n\n---\n\n# What it checks\n\nThis repo supports fast local checks for:\n\n- suspicious prompt text\n- dangerous shell commands\n- risky URLs (SSRF / localhost / metadata targets)\n- unsafe file paths\n- skill folders containing secrets, curl|bash patterns, destructive scripts, or exfiltration logic\n\n---\n\n# Verdicts\n\n- `ALLOW` — no high-risk pattern found in this lightweight pass\n- `WARN` — manual review required\n- `BLOCK` — do not trust / run / publish until reviewed\n\nA clean result means **no obvious pattern was detected**, not **the code is proven safe**.\n\n---\n\n# Install / Run\n\n```bash\nnpm install\n```\n\nQuick checks:\n\n```bash\nnode scripts/security-check.mjs text \"\u003ccontent\u003e\"\nnode scripts/security-check.mjs command \"\u003cshell command\u003e\"\nnode scripts/security-check.mjs url \"\u003curl\u003e\"\nnode scripts/security-check.mjs path \"\u003cpath\u003e\"\n```\n\nAudit a skill / folder:\n\n```bash\nnode scripts/audit-skill-dir.mjs /absolute/or/relative/path/to/skill\n```\n\nWrite audit into Obsidian:\n\n```bash\nnode scripts/write-obsidian-audit.mjs /tmp/audit.json \"Skill Audit - my-skill\"\n```\n\nInstall local prepublish hook wrapper:\n\n```bash\nbash scripts/install-hooks.sh\n```\n\n---\n\n# Typical use cases\n\n- “Scan this prompt for prompt injection risk”\n- “Check this shell command before automation”\n- “Validate this URL / path”\n- “Audit this third-party skill before install”\n- “Add a security guard before publishing to ClawHub”\n\n---\n\n# Files\n\n- `SKILL.md` — agent-facing routing and usage guidance\n- `scripts/security-check.mjs` — text / command / URL / path checks\n- `scripts/audit-skill-dir.mjs` — skill folder audit\n- `scripts/write-obsidian-audit.mjs` — persist audit note to Obsidian\n- `scripts/install-hooks.sh` — lightweight local install/publish wrapper\n- `references/checklist.md` — audit categories and review philosophy\n\n---\n\n# Important limits\n\n- This is a **lightweight guard**, not a sandbox\n- Regex checks catch common patterns, not every attack\n- High-risk code still needs human review and runtime isolation\n\n---\n\n# Bottom line\n\nIf you want a cheap, fast security layer before trusting external automation, this repo gives you a practical first-pass guard.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fx-rayluan%2Fopenclaw-security-guard","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fx-rayluan%2Fopenclaw-security-guard","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fx-rayluan%2Fopenclaw-security-guard/lists"}