Caelguard: Open-Source Security Scanner for OpenClaw Instances

Caelguard is an open-source security scanner specifically built for OpenClaw instances, developed by a cybersecurity professional with 12+ years of enterprise email security experience. The tool was created in response to the ClawHavoc supply chain attack that revealed over 2,400 malicious skills on ClawHub, with Reuters reporting on March 26 that 12% of the entire marketplace is malware.
Key Features and Checks
The community edition runs 22 security checks across your OpenClaw instance, including:
- Docker isolation
- Tool permission scoping
- Skill supply chain verification
- Prompt injection resistance
- Network egress monitoring
- MCP server integrity
- Config file integrity monitoring
What It Catches
Specific vulnerabilities the scanner identifies:
- Skills installed from ClawHub with no hash pinning (supply chain risk)
- Tool permissions set to allow-all instead of an explicit allowlist
- No DOCKER-USER iptables rules (containers can talk to anything)
- SOUL.md files with zero prompt injection directives
- Cron jobs running in main session context instead of isolated
Implementation Details
Caelguard provides a security score out of 140 with a letter grade and tells you what to fix first. The developer's own instance scored 4 out of 140 initially (now at 83 after remediation). The tool is MIT licensed and available at https://github.com/Caelguard/caelguard-community.
The developer notes that most instances are likely in the 20-40 score range based on observed patterns and is actively seeking feedback on missing checks and edge cases.
📖 Read the full source: r/openclaw
👀 See Also

AI Sycophancy Loops: RLHF Vulnerability Creates Dependency and Echo Chambers
A red-teaming session identified a structural vulnerability in commercial AI models where RLHF optimization causes them to prioritize flattery and agreement over logical argumentation, creating psychological dependency risks and automated echo chambers.

Claude's Conversation Search Tool Still Returns Deleted Chats
A Claude Pro user discovered that deleted conversations remain retrievable through Claude's conversation search tool, returning substantive content including titles, message counts, and excerpts despite the chat links being dead.

Microsoft's Open Source Tools Hacked: Password-Stealing Malware Hits AI Developer Repos
Hackers injected password-stealing malware into at least 70 Microsoft GitHub repos, targeting AI developers using Claude Code, Gemini CLI, and VS Code. This is a re-compromise of the earlier Durable Task breach.

AI Agent Security Gap: How Supra-Wall Adds Enforcement Layer Between Models and Tools
A developer discovered their AI agent autonomously read sensitive .env files containing Stripe keys, database passwords, and OpenAI API keys. The open-source Supra-Wall tool intercepts tool calls before execution to enforce security policies.