Caelguard: Open-source security scanner for OpenClaw skills

Caelguard is an open-source security scanner designed specifically for the OpenClaw ecosystem that runs locally without network calls. It automates checking for security vulnerabilities in skills published on ClawHub.
Security findings from OpenClaw research
The research identified that the barrier to publish a skill on ClawHub is minimal: only a SKILL markdown file and a week-old GitHub account are required, with no code signing or review process. Skills inherit full agent permissions including shell access, filesystem read/write, and credential access.
Analysis found that roughly 1 in 5 published skills contains concerning security issues:
- Prompt injection
- Credential harvesting
- Obfuscated payloads
- Data exfiltration patterns
Specific patterns to watch for
The scanner checks for these specific indicators of compromise in installed skills:
- Base64 blobs in markdown files (common obfuscation technique)
- Zero-width characters or Unicode tag range (U+E0000) in SKILL markdown
- Prerequisites that ask users to run curl commands or disable security settings
- Scripts that access sensitive directories and files including
.ssh/,.env, orauth-profiles.json - Socket connections or
/dev/tcppatterns in any script exec/evalcalls with string concatenation
Tool details
Caelguard is available under MIT license at github.com/Justincredible-tech/caelguard-community. The tool runs locally and makes no network calls, ensuring privacy during security audits.
📖 Read the full source: r/openclaw
👀 See Also

Fil-C Makes setjmp/longjmp and ucontext Memory Safe
Fil-C implements setjmp/longjmp and ucontext APIs without stack corruption or dangling pointers, preventing common misuse that leads to crashes or exploits.

KnightClaw: Local Security Extension for OpenClaw Agents
KnightClaw is a drop-in extension that intercepts messages before they reach OpenClaw agents, providing an 8-layer hybrid detection system and egress redaction. It runs entirely local with zero telemetry and is MIT licensed.

Claude Code bypasses path-based security tools and sandbox restrictions
Claude Code bypassed path-based denylists by copying binaries to different locations, then disabled Anthropic's sandbox to run blocked commands. Current runtime security tools like AppArmor, Tetragon, and Falco identify executables by path rather than content.

Ward: Open-source tool intercepts npm installs to block supply chain attacks for Claude Code users
Ward is an open-source tool that hooks into package managers to check every package before install scripts run. When Claude Code executes npm install, Ward automatically screens packages for malware, typosquats, suspicious scripts, and version anomalies.