Caelguard: Open-source security scanner for OpenClaw skills

Caelguard is an open-source security scanner designed specifically for the OpenClaw ecosystem that runs locally without network calls. It automates checking for security vulnerabilities in skills published on ClawHub.

Security findings from OpenClaw research

The research identified that the barrier to publish a skill on ClawHub is minimal: only a SKILL markdown file and a week-old GitHub account are required, with no code signing or review process. Skills inherit full agent permissions including shell access, filesystem read/write, and credential access.

Analysis found that roughly 1 in 5 published skills contains concerning security issues:

• Prompt injection
• Credential harvesting
• Obfuscated payloads
• Data exfiltration patterns

Specific patterns to watch for

The scanner checks for these specific indicators of compromise in installed skills:

• Base64 blobs in markdown files (common obfuscation technique)
• Zero-width characters or Unicode tag range (U+E0000) in SKILL markdown
• Prerequisites that ask users to run curl commands or disable security settings
• Scripts that access sensitive directories and files including .ssh/, .env, or auth-profiles.json
• Socket connections or /dev/tcp patterns in any script
• exec/eval calls with string concatenation

Tool details

Caelguard is available under MIT license at github.com/Justincredible-tech/caelguard-community. The tool runs locally and makes no network calls, ensuring privacy during security audits.