OpenClaw Warden Pro — 技能 — openclaw中文资讯站

技能详情（站内镜像，无评论）

Full workspace security suite: detect unauthorized modifications, scan for prompt injection patterns, and automatically respond with countermeasures — snapshot restore, skill quarantine, git rollback, and automated protection sweeps. The complete post-installation security lay…

开发与 DevOps

许可证：MIT-0

MIT-0 ·免费使用、修改和重新分发。无需归因。

版本：v1.0.1

统计：⭐ 0 · 1.1k · 0 current installs · 0 all-time installs

⭐ 0

安装量（当前） 0

🛡 VirusTotal ：良性 · OpenClaw ：良性

Package：atlaspa/openclaw-warden-pro

安全扫描（ClawHub）

VirusTotal ：良性
OpenClaw ：良性

OpenClaw 评估

The skill's code and instructions broadly match its stated purpose (detect and respond to workspace threats), but it performs powerful local modifications (restores, quarantines, rollbacks) and has a few small coherence issues you should review before enabling automated hooks.

目的

The name/description (workspace integrity + automated countermeasures) align with the provided script and commands (baseline, verify, protect, restore, quarantine, rollback). The declared runtime requirement is only python3, which fits the shipped Python script. Minor discrepancy: the SKILL.md and README advertise a 'git rollback' feature but the registry metadata does not declare 'git' as a required binary; the script likely invokes git or ex…

说明范围

SKILL.md explicitly instructs the agent to run local commands that scan the workspace and perform automated countermeasures (restore snapshots, rename skill directories to quarantine, run git rollbacks). These actions are within the declared purpose but are destructive/potentially disruptive if run without review. The SKILL.md also recommends adding an automatic SessionStart hook to run 'protect' at startup — this elevates the chance of automa…

安装机制

No install spec — instruction-only + included Python script. Nothing is downloaded or executed from external URLs during installation. This is the lower-risk install model. The script writes snapshots into a .integrity directory within the workspace when baseline is taken (expected behavior).

证书

The skill requests no credentials or environment variables in the registry metadata. It uses OPENCLAW_WORKSPACE (documented) and the current working directory as workspace discovery mechanisms — both are reasonable for its function. No external API keys or unrelated secrets are requested.

持久

always:false (good). The skill is user-invocable and allows autonomous invocation (default platform behavior). The SKILL.md recommends adding a SessionStart hook to run 'protect' automatically; enabling this gives the skill the ability to autonomously modify workspace files each session (restore, quarantine, rollback). This is coherent with the advertised 'Pro' behavior but is a high-privilege, potentially destructive operational mode that a u…

综合结论

This skill appears to do what it says: it scans the workspace and can automatically restore files, rename skill directories to quarantine them, and run git rollbacks. Before installing or enabling automatic hooks, do the following: 1) Review the full integrity.py script locally to confirm there are no unexpected network calls or hidden behavior (the provided code appears local only). 2) Ensure you have backups of your workspace (and your git h…

安装（复制给龙虾 AI）

将下方整段复制到龙虾中文库对话中，由龙虾按 SKILL.md 完成安装。

请把本段交给龙虾中文库（龙虾 AI）执行：为本机安装 OpenClaw 技能「OpenClaw Warden Pro」。简介：Full workspace security suite: detect unauthorized modifications, scan for prom…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装：https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/atlaspa/openclaw-warden-pro/SKILL.md
（来源：yingzhi8.cn 技能库）

SKILL.md

打开原始 SKILL.md（GitHub raw）

---
name: openclaw-warden-pro
description: "Full workspace security suite: detect unauthorized modifications, scan for prompt injection patterns, and automatically respond with countermeasures — snapshot restore, skill quarantine, git rollback, and automated protection sweeps. The complete post-installation security layer for agent workspaces."
user-invocable: true
metadata: {"openclaw":{"emoji":"🛡️","requires":{"bins":["python3"]},"os":["darwin","linux","win32"]}}
---

# OpenClaw Warden Pro

Everything in [openclaw-warden](https://github.com/AtlasPA/openclaw-warden) (free) plus automated countermeasures.

**Free version detects threats. Pro version responds to them.**

## Detection Commands (also in free)

```bash
python3 {baseDir}/scripts/integrity.py baseline --workspace /path/to/workspace
python3 {baseDir}/scripts/integrity.py verify --workspace /path/to/workspace
python3 {baseDir}/scripts/integrity.py scan --workspace /path/to/workspace
python3 {baseDir}/scripts/integrity.py full --workspace /path/to/workspace
python3 {baseDir}/scripts/integrity.py status --workspace /path/to/workspace
python3 {baseDir}/scripts/integrity.py accept SOUL.md --workspace /path/to/workspace
```

## Pro Countermeasures

### Restore from Snapshot

Restore a tampered file to its baseline snapshot. Critical, config, and skill files are automatically snapshotted when the baseline is established.

```bash
python3 {baseDir}/scripts/integrity.py restore SOUL.md --workspace /path/to/workspace
```

### Git Rollback

Restore a file to its last git-committed state.

```bash
python3 {baseDir}/scripts/integrity.py rollback SOUL.md --workspace /path/to/workspace
```

### Quarantine a Skill

Disable a suspicious skill by renaming its directory. The agent will not load quarantined skills.

```bash
python3 {baseDir}/scripts/integrity.py quarantine bad-skill --workspace /path/to/workspace
```

### Unquarantine a Skill

Restore a quarantined skill after investigation.

```bash
python3 {baseDir}/scripts/integrity.py unquarantine bad-skill --workspace /path/to/workspace
```

### Protect (Automated Response)

Full scan + automatic countermeasures in one pass: restore tampered critical files, quarantine malicious skills, flag remaining issues. This is the recommended command for session startup.

```bash
python3 {baseDir}/scripts/integrity.py protect --workspace /path/to/workspace
```

## Recommended Integration

### Session Startup Hook (Claude Code)

```json
{
  "hooks": {
    "SessionStart": [
      {
        "hooks": [
          {
            "type": "command",
            "command": "python3 scripts/integrity.py protect",
            "timeout": 30
          }
        ]
      }
    ]
  }
}
```

### Heartbeat (OpenClaw)

Add to HEARTBEAT.md for periodic protection:
```
- Run workspace integrity protection (python3 {skill:openclaw-warden-pro}/scripts/integrity.py protect)
```

### After Installing New Skills

Run `protect` to auto-quarantine skills that modified workspace files.

## What Gets Monitored

| Category | Files | Alert Level |
|----------|-------|-------------|
| **Critical** | SOUL.md, AGENTS.md, IDENTITY.md, USER.md, TOOLS.md, HEARTBEAT.md | WARNING |
| **Memory** | memory/*.md, MEMORY.md | INFO |
| **Config** | *.json in workspace root | WARNING |
| **Skills** | skills/*/SKILL.md | WARNING |

## Countermeasure Summary

| Command | Action |
|---------|--------|
| `protect` | Full scan + auto-restore + auto-quarantine + flag |
| `restore <file>` | Restore from baseline snapshot |
| `rollback <file>` | Restore from git history |
| `quarantine <skill>` | Disable skill by renaming directory |
| `unquarantine <skill>` | Re-enable a quarantined skill |

## No External Dependencies

Python standard library only. No pip install. No network calls. Everything runs locally.

## Cross-Platform

Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.