openclaw-warden-pro

// Full workspace security suite: detect unauthorized modifications, scan for prompt injection patterns, and automatically respond with countermeasures — snapshot restore, skill quarantine, git rollback, and automated protection sweeps. The complete post-installation security layer for agent workspaces

$ git log --oneline --stat

stars:1,933

forks:367

updated:March 4, 2026

SKILL.mdreadonly

SKILL.md Frontmatter

nameopenclaw-warden-pro

descriptionFull workspace security suite: detect unauthorized modifications, scan for prompt injection patterns, and automatically respond with countermeasures — snapshot restore, skill quarantine, git rollback, and automated protection sweeps. The complete post-installation security layer for agent workspaces.

user-invocabletrue

metadata[object Object]

OpenClaw Warden Pro

Everything in openclaw-warden (free) plus automated countermeasures.

Free version detects threats. Pro version responds to them.

Detection Commands (also in free)

python3 {baseDir}/scripts/integrity.py baseline --workspace /path/to/workspace
python3 {baseDir}/scripts/integrity.py verify --workspace /path/to/workspace
python3 {baseDir}/scripts/integrity.py scan --workspace /path/to/workspace
python3 {baseDir}/scripts/integrity.py full --workspace /path/to/workspace
python3 {baseDir}/scripts/integrity.py status --workspace /path/to/workspace
python3 {baseDir}/scripts/integrity.py accept SOUL.md --workspace /path/to/workspace

Pro Countermeasures

Restore from Snapshot

Restore a tampered file to its baseline snapshot. Critical, config, and skill files are automatically snapshotted when the baseline is established.

python3 {baseDir}/scripts/integrity.py restore SOUL.md --workspace /path/to/workspace

Git Rollback

Restore a file to its last git-committed state.

python3 {baseDir}/scripts/integrity.py rollback SOUL.md --workspace /path/to/workspace

Quarantine a Skill

Disable a suspicious skill by renaming its directory. The agent will not load quarantined skills.

python3 {baseDir}/scripts/integrity.py quarantine bad-skill --workspace /path/to/workspace

Unquarantine a Skill

Restore a quarantined skill after investigation.

python3 {baseDir}/scripts/integrity.py unquarantine bad-skill --workspace /path/to/workspace

Protect (Automated Response)

Full scan + automatic countermeasures in one pass: restore tampered critical files, quarantine malicious skills, flag remaining issues. This is the recommended command for session startup.

python3 {baseDir}/scripts/integrity.py protect --workspace /path/to/workspace

Recommended Integration

Session Startup Hook (Claude Code)

{
  "hooks": {
    "SessionStart": [
      {
        "hooks": [
          {
            "type": "command",
            "command": "python3 scripts/integrity.py protect",
            "timeout": 30
          }
        ]
      }
    ]
  }
}

Heartbeat (OpenClaw)

Add to HEARTBEAT.md for periodic protection:

- Run workspace integrity protection (python3 {skill:openclaw-warden-pro}/scripts/integrity.py protect)

After Installing New Skills

Run protect to auto-quarantine skills that modified workspace files.

What Gets Monitored

Category	Files	Alert Level
Critical	SOUL.md, AGENTS.md, IDENTITY.md, USER.md, TOOLS.md, HEARTBEAT.md	WARNING
Memory	memory/*.md, MEMORY.md	INFO
Config	*.json in workspace root	WARNING
Skills	skills/*/SKILL.md	WARNING

Countermeasure Summary

Command	Action
`protect`	Full scan + auto-restore + auto-quarantine + flag
`restore <file>`	Restore from baseline snapshot
`rollback <file>`	Restore from git history
`quarantine <skill>`	Disable skill by renaming directory
`unquarantine <skill>`	Re-enable a quarantined skill

No External Dependencies

Python standard library only. No pip install. No network calls. Everything runs locally.

Cross-Platform

Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.