agent-guardian Security Report — Low Risk | ClawSafe

20 /100

agent-guardian

AI助手体验守护系统：看门狗监控、智能状态汇报、即时查询、语言一致性过滤、消息队列追踪

A legitimate AI assistant monitoring/guardian skill with appropriate file and shell permissions for status tracking and language filtering. No malicious behavior detected.

Skill Nameagent-guardian

Duration40.2s

Enginepi

✓

Safe to install

Approve for use. Consider pinning langdetect version in install.sh for better supply chain hygiene.

Findings 2 items

Severity	Finding	Location
Low	Unpinned dependency version Supply Chain langdetect package installed without version constraint, potential supply chain risk `pip3 install langdetect -q` → Use 'pip3 install langdetect==1.0.9' or similar pinned version	`scripts/install.sh:53`
Low	Systemd service runs as root Priv Escalation Status query daemon configured to run as User=root in systemd service file `User=root` → Document why root is required; consider using a dedicated service account if possible	`scripts/install.sh:73`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`WRITE`	`WRITE`	✓ Aligned	install.sh:52 writes to /tmp, patch scripts modify plugin dirs
Shell	`WRITE`	`WRITE`	✓ Aligned	supervisor.sh, install.sh use subprocess calls
Environment	`NONE`	`READ`	✓ Aligned	Scripts read PATH, HOME but no sensitive keys
Network	`NONE`	`NONE`	—	Uses openclaw CLI only, no raw network calls
Skill Invoke	`NONE`	`NONE`	—	N/A
Clipboard	`NONE`	`NONE`	—	N/A
Browser	`NONE`	`NONE`	—	N/A
Database	`NONE`	`NONE`	—	Uses JSON files in /tmp only

File Tree

14 files · 39.9 KB · 1214 lines

Shell 7f · 567L Markdown 3f · 353L Python 3f · 285L JSON 1f · 9L

├─ ▾ 📁 references

│ └─ ▾ 📁 patches

│ ├─ 📝 generic.md Markdown 86L · 2.9 KB

│ └─ 📝 qqbot.md Markdown 132L · 3.8 KB

├─ ▾ 📁 scripts

│ ├─ 🔧 apply-qqbot-patch.sh Shell 93L · 4.2 KB

│ ├─ 🐍 detect-language.py Python 60L · 1.7 KB

│ ├─ 🔧 install.sh Shell 132L · 4.4 KB

│ ├─ 🐍 lang-filter.py Python 89L · 3.2 KB

│ ├─ 🐍 msg-queue.py Python 136L · 4.9 KB

│ ├─ 🔧 reset-work-state.sh Shell 22L · 516 B

│ ├─ 🔧 smart-status-report.sh Shell 56L · 1.9 KB

│ ├─ 🔧 status-query-daemon.sh Shell 70L · 2.2 KB

│ ├─ 🔧 supervisor.sh Shell 142L · 3.8 KB

│ └─ 🔧 update-work-state.sh Shell 52L · 1.3 KB

├─ 📋 _meta.json JSON 9L · 393 B

└─ 📝 SKILL.md Markdown 135L · 4.8 KB

Dependencies 2 items

Package	Version	Source	Known Vulns	Notes
`langdetect`	`*`	pip	No	Version not pinned - update to: langdetect==1.0.9
`inotify-tools`	`system`	apt	No	System package for file monitoring

Security Positives

✓ All file operations are confined to /tmp and documented skill directory

✓ No credential harvesting or sensitive path access detected

✓ No external network connections or data exfiltration

✓ Configuration stored locally, not transmitted externally

✓ Source file modifications are documented in apply-qqbot-patch.sh

✓ Backup of original files created before patching

✓ Lock file mechanism prevents duplicate daemon instances

✓ No base64 obfuscation or suspicious shell patterns

Scan Report

Findings 2 items

File Tree

Dependencies 2 items

Security Positives