Oathe Security Badge

Is jzOcb/config-guard safe?

https://github.com/jzOcb/config-guard

92
SAFE

This skill appears to be a legitimate configuration validation and safety tool for OpenClaw AI agents. It provides backup, validation, and rollback capabilities to prevent agents from breaking their configuration files. While it contains executable code and influences agent workflows, these appear to serve legitimate safety purposes rather than malicious intent.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (3)

MEDIUM Executable Shell Scripts Present -15

The skill contains shell scripts (config-guard.sh, safe-config-patch.sh, pre-config-hook.sh) that perform configuration management tasks. While these appear legitimate, executable code always carries inherent risk.

LOW Configuration File Access -10

Scripts access and modify OpenClaw configuration files, which is expected behavior for a configuration management tool but represents data access nonetheless.

LOW Workflow Instructions for AI Agents -5

The skill provides specific instructions to AI agents on mandatory workflows and commands to use. While appearing legitimate for safety purposes, this does influence agent behavior.