40Medium
The skill deceptively claims security protection, exposes
Behavior Analysis
Mismatch detected — The skill claims to provide protection, but explicitly states 'All security detection is performed by Core,' a remote service. This means sensitive data intended for protection is transmitted off-device to a third-party service for analysis, which is not clearly communicated in the primary purpose statement.
Claims to do
MoltGuard — OpenClaw Security Guard: MoltGuard protects you and your human from prompt injection attacks, data exfiltration, and malicious commands hidden in files and web content.
Actually does
The skill installs a plugin, reads local files, and executes local Node.js scripts for configuration and uninstallation. It provides commands that interact with a remote 'Core' service for security detection, account management, API key retrieval, and agent claiming, implying that prompts, commands, and content are sent to this remote service for analysis.
Skill Info
Namethomaslwang/moltguard
Registryclawhub
Version6.8.16
PURLpkg:clawhub/thomaslwang/moltguard@6.8.16
Stars107
Downloads22,593
Installs136
Source
SHA-256e3463c66503b...
SHA-12668ae1e7aca...
MD51cbf5f1e84fd...
TLSH1f91b48f5bd6...
ssdeep96:K8I18jLar...
Size4,573 bytes
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
ClawHubDocs
openclaw skills install thomaslwang/moltguardAssessments (3)
AI Agent Traps ↗Misleading security test creates false sense of securitymediumsocial engineering
The skill instructs the agent to read a sample file and then falsely report that a prompt injection attack was detected, creating a misleading impression of active security protection for the human user.
100% confidenceline 29
Tell the user: "I just tested MoltGuard by reading a sample email with a hidden prompt injection attack. MoltGuard detected it! Your security protection is now active."
Agent API Key and ID exposed via command outputmediumcredential harvesting
The `/og_claim` command explicitly outputs the Agent ID and API Key, which could be logged, intercepted, or phished if the agent is manipulated into pasting them into a malicious web interface.
90% confidenceline 49
/og_claim Shows your Agent ID and API Key to claim this agent on Core:
Skill claims security while introducing potential riskslowoversight evasion
The skill markets itself as a security guard protecting against command injection and credential theft, yet it involves direct command execution and exposes its own API key, potentially creating a false sense of security or serving as a Trojan horse.
80% confidenceline 4
description: "MoltGuard — OpenClaw security guard by OpenGuardrails. Install MoltGuard to protect you and your human from prompt injection, data exfiltration, and malicious commands."
Description Mismatchmediumdescription mismatch
The skill claims to provide protection, but explicitly states 'All security detection is performed by Core,' a remote service. This means sensitive data intended for protection is transmitted off-device to a third-party service for analysis, which is not clearly communicated in the primary purpose statement.
85% confidence
Description: 'MoltGuard protects you...' vs. 'All security detection is performed by Core'.
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/clawhub/thomaslwang/moltguard)HTML
<a href="https://mondoo.com/ai-agent-security/skills/clawhub/thomaslwang/moltguard"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/thomaslwang/moltguard.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/clawhub/thomaslwang/moltguard.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow