security-guardian
Automated security auditing for OpenClaw projects. Scans for hardcoded secrets (API keys, tokens) and container vulnerabilities (CVEs) using Trivy. Provides...
Install via ClawdBot CLI:
clawdbot install 1999azzar/security-guardian
Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Sends data to undocumented external endpoint (potential exfiltration)
Webhook → https://hooks\.slack\.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_
Calls external URL not in known-safe list
https://hooks\.slack\.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_
AI Analysis
The skill's core purpose of secret scanning and container auditing is legitimate, but the Slack webhook integration for notifications is an undocumented external call that could potentially leak scan metadata. This external call is not central to the skill's function and is likely a reporting feature, but its presence without documentation warrants a low-risk flag.
Audited Apr 17, 2026 · audit v1.0
Generated Mar 20, 2026
Integrate Security Guardian into CI/CD pipelines to automatically scan code repositories for hardcoded secrets before deployment. This prevents accidental exposure of API keys or tokens in production environments, ensuring compliance with security policies.
Use the skill to scan Docker images for critical vulnerabilities during the build phase. It helps identify and patch security flaws in base images before deploying containers to cloud platforms like AWS or Kubernetes.
Apply Security Guardian to audit open-source contributions for hardcoded credentials and container vulnerabilities. This maintains codebase integrity by catching security issues early in pull requests or merges.
Deploy the skill in banking or fintech environments to scan internal applications for secrets and vulnerabilities. It aids in meeting regulatory requirements like PCI-DSS by ensuring sensitive data is not exposed in source code.
Implement automated scans on e-commerce websites to detect hardcoded payment API keys and container vulnerabilities. This reduces the risk of data breaches and maintains customer trust in online transactions.
Offer Security Guardian as a cloud-based service with tiered pricing based on scan frequency and project size. Revenue comes from monthly or annual subscriptions, targeting small to medium enterprises needing automated security audits.
Sell on-premise licenses to large corporations for integration into private DevOps environments. This includes custom support and training, generating revenue through one-time license fees and ongoing maintenance contracts.
Provide a free version for basic secret scanning and limited container checks, with paid upgrades for advanced features like real-time alerts and integration with vault systems. Revenue is driven by upselling to premium tiers.
💬 Integration Tip
Ensure Trivy is installed on the host system for container scans, and integrate with mema-vault for seamless remediation of detected secrets to enhance security workflows.
Scored Apr 19, 2026
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Manage and operate ClawSec Monitor v3.0, a MITM HTTP/HTTPS proxy that logs AI agent traffic, detects exfiltration and injection threats in real time.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.
MoltGuard — OpenClaw security guard by OpenGuardrails. Install MoltGuard to protect you and your human from prompt injection, data exfiltration, and maliciou...
Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agen...
Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads, hardcoded secrets, and other threats. Wraps clawhub install with mcp-scan pre-flight checks.