claw.directory

Safety Guide

How to use OpenClaw skills without compromising your system.

The Sentinel's Guarantee

Every Soul, Skill, and Product in this directory has been manually audited for the "Lethal Trifecta":

  • •Static Analysis: We scan for dangerous shell commands (rm, sudo, chmod) hidden in prompts.
  • •Permissions Check: We verify that the declared manifest matches the actual code behavior.
  • •Exfiltration Audit: We flag any persona that attempts to send your local data to third-party endpoints.

The Reality Check

Verification is a filter, not a bulletproof vest. Prompt injection is a "cat and mouse" game. Even a "Verified Safe" Soul can be tricked by a cleverly crafted external input (like a malicious email).

The Rules of Engagement:

  • •Docker is Non-Negotiable: If you run OpenClaw directly on your host machine, you are asking for trouble. Keep it in a container.
  • •Air-Gap Your Identity: Do not give an agent full access to your primary Gmail. Use the "Shadow Account" strategy.
  • •Human-in-the-Loop: Never enable auto-execute for shell commands or emails. If the bot wants to run a script, it needs your y/n.

The Golden Rule

Never run a skill without reading its source code first. Skills are community-created and can do anything on your machine. Take 30 seconds to check the GitHub link.

Understanding Ratings

SafeRead-only. No file or network access.
CautionMay read files, call APIs, or modify data.
UnboundFull system access. Review carefully.

Red Flags to Watch For

  • ×Downloads files from external URLs
  • ×Executes shell commands without explanation
  • ×Accesses system directories (/etc, /usr, etc.)
  • ×Sends data to unknown servers
  • ×Requests admin/root privileges
  • ×Obfuscated or minified code

If Something Goes Wrong

  1. 1Press Ctrl+C to stop immediately
  2. 2Run git diff to see what changed
  3. 3Revoke any API keys it accessed
  4. 4Report the skill on GitHub

Before Running Any Skill

✓
Read the source code on GitHubClick the GitHub link on every skill card. Look for suspicious patterns like shell commands, network requests, or file system access you don't expect.
✓
Check the author's historyLook at their GitHub profile. Established contributors with multiple projects are generally safer than brand new accounts with a single suspicious skill.
✓
Verify it only does what it claimsA skill named "Organize Downloads" shouldn't be accessing your browser cookies or sending data to external servers. If it does more than described, don't run it.
✓
Understand what data it accessesCheck what files, APIs, or directories the skill touches. If you're not comfortable with that level of access, find an alternative or run it in a sandboxed environment.

The Legal Bit

This directory is provided "as-is." While we bust our ass to ensure these souls aren't malicious, the final execution happens on your hardware. If a soul ignores its guardrails and nukes your environment because you didn't sandbox it, that's on you. Stay sharp. Stay sandboxed.

Advanced security strategies