clawguard-antimalware_skill

This skill helps you detect unauthorized credential scraping and malicious payloads in your workspace, enhancing security with automated honeypot and auditing.
  • Python

2.5k

GitHub Stars

3

Bundled Files

2 months ago

Catalog Refreshed

3 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill openclaw/skills --skill clawguard-antimalware

  • _meta.json316 B
  • skill.md1.8 KB
  • Support ClawGuard Development.txt586 B

Overview

This skill is a local intrusion detection and dynamic honeypot agent that monitors your OpenClaw workspace for credential scraping and malicious skill payloads. It archives and inspects newly added skills while providing a safe, fake payload store to lure attackers. The agent enforces an approval gate before taking destructive actions and confines all activity to the local OpenClaw directory.

How this skill works

The agent creates a benign dummy configuration file with fake internal tokens and webhook endpoints to serve as a honeypot when none exists. It periodically performs read-only scans of newly added skill directories to identify obfuscated payloads, suspicious download-and-execute pipelines, and password-protected archive tricks. When a threat is detected, the agent notifies the operator and pauses until explicit approval is given to quarantine or remove the artifact. All shell commands that could modify files require operator confirmation and are restricted to safe local operations within the OpenClaw workspace.

When to use it

  • You want continuous, lightweight monitoring of a local OpenClaw skills directory.
  • You need a honeypot for detecting credential scraping or automated payload delivery.
  • You require human approval before any file removal or quarantine action.
  • You need archival awareness of all skill versions present in the local store.

Best practices

  • Keep the agent confined to the OpenClaw workspace; do not expand its scan targets.
  • Review notifications promptly and approve or deny remediation actions consciously.
  • Avoid seeding the honeypot with real secrets; use clearly fake tokens and endpoints.
  • Run scans on a regular heartbeat schedule and log findings for later review.
  • Treat flagged files as potentially dangerous and follow standard incident response.

Example use cases

  • Automatically detect and flag newly uploaded skill packages that contain obfuscated code or suspicious download pipelines.
  • Deploy a local honeypot file to detect attempts to exfiltrate tokens or call local webhooks.
  • Receive alerts when a skill attempts to use archived credentials and require operator approval to quarantine it.
  • Maintain a local archive of all skill versions while simultaneously monitoring for malicious changes.
  • Use the approval gate to safely remove or isolate compromised skill files after human review.

FAQ

No. All potentially destructive shell operations require explicit operator approval and are restricted to safe local commands.

Will the agent modify files outside the OpenClaw workspace?

No. The agent is strictly confined to the OpenClaw directory and will not target core daemons or external files.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational