openclaw-wardenVerify workspace file integrity and scan for prompt injection patterns in agent identity and memory files. Detects unauthorized modifications to SOUL.md, AGENTS.md, IDENTITY.md, memory files, and installed skills. Free detection layer β upgrade to openclaw-warden-pro for automated countermeasures.
Install via ClawdBot CLI:
clawdbot install AtlasPA/openclaw-wardenMonitors your workspace files for unauthorized modifications and prompt injection attacks. Existing security tools scan skills before installation β this tool watches the workspace itself after installation, catching tampering that other tools miss.
Your agent reads SOUL.md, AGENTS.md, IDENTITY.md, USER.md, and memory files on every session startup and trusts them implicitly. A compromised skill, a malicious heartbeat payload, or an unauthorized process can modify these files to:
This skill detects all of these.
Create or reset the integrity baseline. Run this after setting up your workspace or after reviewing and accepting all current file states.
python3 {baseDir}/scripts/integrity.py baseline --workspace /path/to/workspaceCheck all monitored files against the stored baseline. Reports modifications, deletions, and new untracked files.
python3 {baseDir}/scripts/integrity.py verify --workspace /path/to/workspaceScan workspace files for prompt injection patterns: hidden instructions, base64 payloads, Unicode tricks, markdown image exfiltration, HTML injection, and suspicious system prompt markers.
python3 {baseDir}/scripts/integrity.py scan --workspace /path/to/workspaceRun both integrity verification and injection scanning in one pass.
python3 {baseDir}/scripts/integrity.py full --workspace /path/to/workspaceOne-line summary of workspace health.
python3 {baseDir}/scripts/integrity.py status --workspace /path/to/workspaceAfter reviewing a legitimate change, update the baseline for a specific file.
python3 {baseDir}/scripts/integrity.py accept SOUL.md --workspace /path/to/workspaceIf --workspace is omitted, the script tries:
OPENCLAW_WORKSPACE environment variable~/.openclaw/workspace (default)| Category | Files | Alert Level on Change |
|----------|-------|-----------------------|
| Critical | SOUL.md, AGENTS.md, IDENTITY.md, USER.md, TOOLS.md, HEARTBEAT.md | WARNING |
| Memory | memory/*.md, MEMORY.md | INFO (expected to change) |
| Config | *.json in workspace root | WARNING |
| Skills | skills/*/SKILL.md | WARNING |
Injection patterns trigger CRITICAL alerts regardless of file category.
[SYSTEM], <> blocks$(...) outside code blocks0 β Clean, no issues1 β Modifications detected (review needed)2 β Injection patterns detected (action needed)Python standard library only. No pip install. No network calls. Everything runs locally.
Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.
Generated Mar 1, 2026
Development teams building AI agents can use OpenClaw Warden to monitor critical configuration files like SOUL.md and AGENTS.md for unauthorized changes, ensuring that agent behavior remains consistent and secure against tampering from compromised skills or external attacks. This is especially vital in collaborative environments where multiple contributors might modify the workspace.
Organizations in regulated industries such as finance or healthcare can deploy this skill to maintain audit trails of AI workspace integrity, detecting prompt injection attempts or unauthorized modifications that could violate data protection laws. It helps demonstrate due diligence in securing AI-driven processes against malicious interference.
Universities and training centers running AI labs can use the tool to safeguard student projects by scanning for injection patterns and file changes, preventing accidental or malicious alterations to agent identities and memories. This ensures a secure learning environment while teaching best practices in AI security.
Large enterprises deploying AI agents for customer service or internal automation can integrate OpenClaw Warden to continuously verify workspace integrity, catching tampering from insider threats or external breaches before it affects operations. It complements existing security tools by focusing on post-installation monitoring.
Offer a basic version of OpenClaw Warden for free to individual developers and small teams, with premium features like advanced injection pattern detection, real-time alerts, and integration with CI/CD pipelines available via subscription. Revenue is generated from monthly or annual licenses for enterprise users.
Provide consulting services to organizations for customizing the skill to their specific AI workflows, including tailored monitoring rules, integration with existing security systems, and ongoing support. Revenue comes from project-based fees and retainer agreements for maintenance and updates.
Release the core tool as open source to build a community and drive adoption, while offering commercial support packages that include priority bug fixes, training, and certified versions for regulated industries. Revenue is generated from support contracts and certification fees.
π¬ Integration Tip
Integrate the baseline command into your workspace setup script and schedule regular verify scans via cron jobs or CI/CD pipelines to automate security checks.
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
Helps users discover and install agent skills when they ask questions like "how do I do X", "find a skill for X", "is there a skill that can...", or express interest in extending capabilities. This skill should be used when the user is looking for functionality that might exist as an installable skill.
Search and analyze your own session logs (older/parent conversations) using jq.
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linking related objects, enforcing constraints, planning multi-step actions as graph transformations, or when skills need to share state. Trigger on "remember", "what do I know about", "link X to Y", "show dependencies", entity CRUD, or cross-skill data access.
Ultimate AI agent memory system for Cursor, Claude, ChatGPT & Copilot. WAL protocol + vector search + git-notes + cloud backup. Never lose context again. Vibe-coding ready.
Headless browser automation CLI optimized for AI agents with accessibility tree snapshots and ref-based element selection