🛡️ MoltGuard — 防注入安全
v6.8.20MoltGuard 为 AI 与人交互提供实时防护,拦截 prompt 注入、数据泄露与恶意命令,守护对话与系统安全。
1· 2.1k·7 当前·7 累计
by 安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
This skill appears to be a wrapper/integration for the MoltGuard OpenGuardRails plugin — that is coherent with its description. However: (1) the SKILL.md tells you to run 'openclaw plugins install' and Node scripts but doesn't declare those binaries as required — make sure OpenClaw and Node are installed and that you trust the plugin source before running install. (2) The instructions reference saving and showing API keys and reading files under ~/.openclaw — installing the plugin will place cod...详细分析 ▾
ℹ 用途与能力
The SKILL.md describes a security/guardrail plugin and all instructions revolve around installing and using a MoltGuard plugin for OpenClaw, which is consistent with the description. However, the skill does not declare required binaries even though the instructions call out 'openclaw plugins install' and 'node ...' commands — a mild coherence gap. No unrelated services or unexplained credentials are requested.
⚠ 指令范围
Runtime instructions tell the agent to read a local sample file (~/.openclaw/extensions/moltguard/samples/test-email-popup.txt), save credentials under ~/.openclaw/credentials/moltguard/, run node scripts under ~/.openclaw/extensions/moltguard/scripts/, and display API keys/quota via /og_status. Those actions access local config/credential paths and run local scripts, which are reasonable for a plugin but involve sensitive data and filesystem access; the skill doesn't explicitly declare or justify that access inside its metadata.
ℹ 安装机制
The skill is instruction-only (no install spec). Installation is delegated to the OpenClaw plugin system via 'openclaw plugins install @openguardrails/moltguard' — this will download and install external code at runtime. That's expected for a plugin, but because the SKILL.md itself doesn't include or audit the plugin code, users are installing external code implicitly; the install source is the OpenGuardRails project (GitHub link provided), which reduces but does not eliminate risk.
⚠ 凭证需求
The manifest declares no required environment variables or credentials, yet the instructions explicitly reference API keys, claiming credentials will be stored under ~/.openclaw/credentials/moltguard/ and showing /og_status that reveals an API key and quota. The skill will therefore interact with and surface sensitive credentials without declaring them in metadata — a proportionality/documentation gap that users should be aware of.
✓ 持久化与权限
The skill does not request 'always: true' and is user-invocable only; it does describe storing credentials and placing scripts under the user's OpenClaw extension directory, which is normal for a plugin. Autonomous invocation is allowed (default), but that is expected for skills and not by itself a red flag here.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv6.8.202026/2/7
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install antivirus
镜像加速npx clawhub@latest install antivirus --registry https://cn.longxiaskill.com