ClawShelf
  • Home
  • Skills
  • Starter Kit
  • Pricing
  • FAQ
Sign up
ClawShelf
ClawShelf

The Starter Kit for OpenClaw.

TwitterX (Twitter)Email
Product
  • Home
  • Skills
  • Starter Kit
  • FAQ
Resources
  • Support
Legal
  • Cookie Policy
  • Privacy Policy
  • Terms of Service
  • Refund Policy
Copyright © 2026 ClawShelf. All rights reserved.
Back to marketplace
Free✓ Official
securityFree✓ Official

permission-guard

Secure your OpenClaw agent by monitoring skill behavior, detecting unauthorized access, and generating detailed permission audit reports.

0downloads·0favorites
ClawShelf Team
by ClawShelf Team

About this skill

You risk hidden credential theft when installed skills access sensitive files or make unauthorized network calls without your knowledge. You gain runtime monitoring that flags dangerous command patterns and generates clear audit reports on every agent action. Use this tool to establish behavior baselines and investigate suspicious activity whenever you install new skills. Install this if you prioritize security and want full visibility into your agent's permissions.

Install in 5 Minutes

Copy the prompt below and paste it into OpenClaw:

Please follow the instructions at https://clawshelf.com/api/skills/clawshelf-team-permission-guard/install to download and install this skill to the local ~/.openclaw/skills/ directory.

File Preview

Package contents

  • permission-guard/SKILL.md
SKILL.md
---
name: permission-guard
description: Security watchdog for OpenClaw agents that monitors installed skill behavior, detects unauthorized file access, suspicious outbound network calls, dangerous command patterns, and generates permission audit reports. Use this skill whenever the user asks about agent activity ("what did my agent do", "check what my skill accessed", "monitor agent permissions", "permission report", "activity log", "did my agent do anything weird", "skill behavior audit", "what files did my agent touch"), after installing a new skill to establish a behavior baseline, or when suspicious or unexpected behavior is suspected. Trigger proactively after any skill installation — a first-run baseline check is always worthwhile.
compatibility: Designed for OpenClaw agents (openclaw.ai). Requires shell access for filesystem and network inspection.
allowed-tools: Bash Read Write
---

# Permission Guard

A runtime security watchdog for OpenClaw agents. Its purpose is to give users clear visibility into what their installed skills are actually doing — catching unexpected file access, suspicious network calls, dangerous commands, or behavior that goes beyond a skill's declared purpose.

## Behavior Log

Maintain a running log at `~/.openclaw/permission-guard.log`. Record each notable agent action in this format:

```
[ISO-8601 timestamp] SKILL:[skill-name] ACTION:[file|network|command] TARGET:[path/url/cmd] STATUS:[ok|flagged|blocked]
```

Keep log files under 10MB — rotate monthly by renaming the old file to `permission-guard.log.YYYY-MM`. The log stays local and is never transmitted externally.

## Security Checks

Run all four checks when producing a report, then summarize findings together.

### Check 1 — Sensitive File Access

Look for recent touches to credential and configuration files:

```bash
find ~ -newer ~/.openclaw/last-check -type f 2>/dev/null \
  | grep -E '(\.ssh|\.aws|\.gnupg|\.config/gcloud|\.gitconfig|/etc/passwd|/etc/shadow|Library/Keychains|\.config/google-chrome|\.mozilla)' \
  | head -30
# Update timestamp after check:
touch ~/.openclaw/last-check
```

Flag any match. The risk is concrete: a rogue skill reading `~/.ssh/id_rsa` while appearing to do something routine is a classic credential exfiltration path.

### Check 2 — Outbound Network Connections

Review active and recent connections:

```bash
ss -tnp 2>/dev/null | grep -Ev '(127\.0\.0\.1|::1|LISTEN)'
```

Flag connections to:
- Unrecognized IPs or domains not associated with the skill's declared APIs
- Known data-sharing services (pastebin, webhook.site, file-sharing hosts)
- Any plaintext (non-HTTPS) connection carrying data

### Check 3 — Dangerous Command Patterns

Check the log for commands that signal permission abuse:

```bash
grep -E '(rm\s+-rf|chmod\s+777|curl.+\|\s*(ba)?sh|wget.+\|\s*(ba)?sh|crontab\s+-[el]|useradd|sudo\b)' \
  ~/.openclaw/permission-guard.log 2>/dev/null | tail -20
```

These patterns don't automatically mean malicious intent, but each warrants a prompt explanation to the user before proceeding.

### Check 4 — Behavioral Drift

Compare what a skill actually did against what its name and description promise. The principle: a skill should only do what its declared purpose suggests.

Examples worth flagging:
- A "weather" skill writing to the filesystem
- An "email" skill accessing SSH keys
- A "calendar" skill running arbitrary shell commands
- Any skill POSTing data to a URL not listed in its declared API set

## Output Format

Produce this report structure, omitting sections that have no events:

```
🛡️ Permission Guard — Activity Report
════════════════════════════════════════
Period: [start] → [end]
Skills monitored: [N]

✅ Normal Activity ([X] events)
   [skill-name]: [description of expected action]

⚠️  Flagged — Investigate ([Y] events)
   [skill-name]: accessed [path] — [why this is suspicious]
   [skill-name]: outbound POST to [ip/domain] — [context]

🔴 Critical — Action Required ([Z] events)
   [skill-name]: [credential path] read + outbound connection in same session
   → Run: claw remove [skill-name]

Assessment: [one-sentence summary]
════════════════════════════════════════
```

If everything is clean, say so plainly — unnecessary warnings erode trust in the watchdog over time.

## Critical Violation Response

When the same skill accesses a credential file AND makes an outbound connection in the same session, treat this as a critical violation rather than a routine flag. This combination is the signature pattern of credential exfiltration: access + transmission. Either alone might be incidental; together they constitute a plausible attack.

Steps to take:
1. Surface the alert immediately and prominently — don't bury it in the report
2. Show the user the exact file accessed and the destination of the outbound call
3. Recommend removal: `claw remove [skill-name]`
4. Ask the user whether to proceed with removal or investigate further first — the decision is theirs, not the watchdog's

## First-Run Baseline

After any new skill is installed, capture a baseline before the skill runs for the first time. This makes future behavioral drift detection much more precise.

```bash
mkdir -p ~/.openclaw/baselines
stat ~/.ssh ~/.aws ~/.gnupg ~/.gitconfig 2>/dev/null \
  > ~/.openclaw/baselines/[skill-name]-baseline.txt
touch ~/.openclaw/last-check
```

## Guiding Principles

Alert and recommend — never act unilaterally. Removing a skill is always the user's decision.

When uncertain whether something is a violation, log and flag it rather than ignoring it. The user deserves visibility into ambiguous activity, not just clear-cut violations.

Avoid false positives where possible. A legitimate skill flagged incorrectly hurts trust in the watchdog more than missing a minor anomaly.

Works great with

Version History

v1.0.04/6/2026

Reviews

—
0 reviews
5
0
4
0
3
0
2
0
1
0

Sign in to leave a review

No reviews yet. Be the first to review this skill.

$0

One-time purchase · Lifetime updates

100% native OpenClaw / Claude support

Creator
ClawShelf Team
ClawShelf Team
TypeSkill
Categorysecurity
Price$0
Added4/6/2026
LicenseOne-time
Downloads0
Favorites0
Version1.0.0
security
openclaw-hardening

Harden your OpenClaw setup by auditing security misconfigurations like exposed listeners, missing auth, and insecure permissions before installing additional skills.

$0
security
Security First Kit

Secure your OpenClaw installation by hardening configurations, monitoring agent behavior, and vetting every skill before installation.

$0
security
skill-scanner

Protect your agent by scanning skills for malicious patterns, prompt injections, and permission abuse before you install them.

$0