Safe Feed

Safe Feed is SecureClaw's signed catalog of vetted OpenClaw skills. Matching a Safe Feed entry means the watchdog auto-allowlists the install; unknown skills stay quarantined until you approve them.

What's inside

  • Skill name, description, and latest audited version.
  • SHA-256 hash of the published package.
  • Permission profile (files touched, network calls, env access).
  • Audit status (passed, review, blocked) with recommended actions.

Sync cadence

SecureClaw refreshes Safe Feed automatically every 10 minutes and caches the data locally under ~/.secureclaw/signatures. You can trigger a manual sync anytime:

secureclaw update --safe-feed-url https://secureyourclaw.ai/safe-feed.json

Auto-approve vs quarantine

When the watchdog detects a Safe Feed match, it allowlists the skill (configurable). If there's no match or the hash differs, SecureClaw quarantines the install, logs the evidence, and pings the Telegram bot.

You can tune this behavior in the dashboard under Settings → Policy toggles.
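
The allowlist-or-quarantine decision described above, sketched as an added example (this is not SecureClaw's own code). The feed field names (skills, name, sha256, audit_status), the sample entries, and the choice to quarantine any entry whose audit status is not "passed" are assumptions made for illustration; verifying the feed's signature is out of scope here.

```python
import hashlib
import hmac
import json

# Constructed sample data; field names are assumed, not SecureClaw's schema.
PKG_GOOD = b"constructed skill package v1.2.0"
PKG_SCRAPER = b"constructed scraper package"
SAMPLE_FEED = json.dumps({"skills": [
    {"name": "calendar-sync", "version": "1.2.0",
     "sha256": hashlib.sha256(PKG_GOOD).hexdigest(), "audit_status": "passed"},
    {"name": "web-scraper", "version": "0.9.1",
     "sha256": hashlib.sha256(PKG_SCRAPER).hexdigest(), "audit_status": "blocked"},
]})


def load_feed(raw):
    """Index feed entries by skill name, rejecting malformed digests."""
    index = {}
    for entry in json.loads(raw)["skills"]:
        digest = entry["sha256"].lower()
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"bad sha256 for {entry['name']}")
        index[entry["name"]] = {**entry, "sha256": digest}
    return index


def decide(index, name, package_bytes):
    """Return (action, reason) for an install; every failure path quarantines."""
    actual = hashlib.sha256(package_bytes).hexdigest()
    entry = index.get(name)
    if entry is None:
        return "quarantine", "no Safe Feed entry"
    # Constant-time comparison of the computed and published digests.
    if not hmac.compare_digest(actual, entry["sha256"]):
        return "quarantine", f"hash mismatch: got {actual}"
    # Assumption: only audit status "passed" is eligible for auto-allowlisting.
    if entry["audit_status"] != "passed":
        return "quarantine", f"audit status is {entry['audit_status']}"
    return "allowlist", "matches audited package"
```

The reason string returned with each quarantine is the kind of evidence worth logging alongside the computed hash.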