Openclaw Security
Unified security suite for agent workspaces. Installs, configures, and orchestrates all 11 OpenClaw security tools in one command — integrity, secrets, permissions, network, audit trail, signing, supply chain, credentials, injection defense, compliance, and incident response.
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 1 · 1.2k · 7 current installs · 8 all-time installs
by@AtlasPA
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (a unified orchestrator for 11 security tools) match the included orchestrator script and SKILL.md commands. However the README and runtime behavior require the external ClawHub CLI for installing/updating tools, which contradicts the 'No external dependencies (stdlib only)' claim. Requiring a network installer (clawhub/git) is plausible for this purpose but the README/requirements inconsistency should be clarified.
Instruction Scope
SKILL.md instructs the agent to run scripts/security.py which in turn runs other skill scripts found under the workspace (e.g., scripts/sentry.py, scripts/warden.py). That is expected for an orchestrator, but it means the skill will execute arbitrary code present in installed skill directories under your workspace and will read and likely modify workspace files. The instructions also auto-detect OPENCLAW_WORKSPACE and default to ~/.openclaw/workspace or current working dir, so be careful where you run it. The orchestration gives the skill broad discretion to run many scanners and setup/protect commands — appropriate for the stated purpose but high-risk if installed skills are untrusted.
Install Mechanism
There is no packaged install spec (instruction-only), which lowers direct supply risk. The orchestrator itself does not download arbitrary archives, but its install flow relies on the ClawHub CLI (and the README shows git clone as an option). Using clawhub/git/npm means network downloads and code execution are involved when installing the 11 tools. This is expected for a meta-installer but you should only use it with trusted registries/sources.
Credentials
The skill declares no required environment variables or credentials. The script optionally reads OPENCLAW_WORKSPACE to locate the workspace, which is reasonable. There are no unexplained requests for tokens/keys in the metadata or SKILL.md.
Persistence & Privilege
always is false and the skill is user-invocable. It will run subcommands that can modify the workspace and installed skills (setup, protect, update), which is normal for an orchestrator. There is no evidence it tries to force persistent inclusion or modify other skills' configs beyond operating on the workspace.
Scan Findings in Context
[pre-scan-none] expected: Static pre-scan reported no injection signals. Given the orchestrator's role (running other scripts), absence of simple regex flags is plausible; runtime risk is that installed skills executed by this orchestrator may include risky behavior.
What to consider before installing
This skill is an orchestrator that will run many other skill scripts inside whatever workspace you point it at. Before installing or running it: 1) Verify the source and repository — this package has no homepage and an unknown origin. 2) Expect it to call the ClawHub CLI or git/npm to fetch other tools; only allow that if you trust those package sources. 3) Inspect the code of the orchestrator and the individual security skill packages (scripts under workspace/*) before running setup/update/protect — they will be executed and can read/modify your files. 4) Run initial tests in an isolated or disposable workspace (or VM/container) and back up important data. 5) Ask the maintainer to clarify the README contradiction about 'no external dependencies' and to provide a verifiable homepage or repository before trusting it in a production environment.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.1
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔒 Clawdis
OSmacOS · Linux · Windows
Binspython3
SKILL.md
OpenClaw Security Suite
One skill to install, configure, and orchestrate the entire OpenClaw security stack.
Install All Security Tools
python3 {baseDir}/scripts/security.py install --workspace /path/to/workspace
Installs all 11 free security skills from ClawHub.
Unified Dashboard
python3 {baseDir}/scripts/security.py status --workspace /path/to/workspace
Aggregated health check across all installed security tools.
Full Security Scan
python3 {baseDir}/scripts/security.py scan --workspace /path/to/workspace
Runs every scanner: integrity verification, secret detection, permission audit, network DLP, supply chain analysis, injection scanning, credential exposure, and compliance audit.
First-Time Setup
python3 {baseDir}/scripts/security.py setup --workspace /path/to/workspace
Initializes all tools that need it: integrity baseline, skill signing, audit ledger, compliance policy.
Update All Tools
python3 {baseDir}/scripts/security.py update --workspace /path/to/workspace
Updates all installed security skills to latest versions via ClawHub.
List Installed Tools
python3 {baseDir}/scripts/security.py list --workspace /path/to/workspace
Shows which security tools are installed and their versions.
Pro Protection Sweep
python3 {baseDir}/scripts/security.py protect --workspace /path/to/workspace
Runs automated countermeasures across all installed Pro tools. Requires Pro versions.
What Gets Orchestrated
| Tool | Domain | Free | Pro |
|---|---|---|---|
| warden | Workspace integrity, injection detection | Detect | Restore, rollback, quarantine |
| sentry | Secret/credential scanning | Detect | Redact, quarantine |
| arbiter | Permission auditing | Detect | Revoke, enforce |
| egress | Network DLP, exfiltration detection | Detect | Block, allowlist |
| ledger | Hash-chained audit trail | Record | Freeze, forensics |
| signet | Cryptographic skill signing | Verify | Reject, restore |
| sentinel | Supply chain security | Scan | Quarantine, block |
| vault | Credential lifecycle | Audit | Fix, rotate |
| bastion | Prompt injection defense | Scan | Sanitize, enforce |
| marshal | Compliance/policy enforcement | Audit | Enforce, hooks |
| triage | Incident response & forensics | Investigate | Contain, remediate |
Requirements
- Python 3.8+
- No external dependencies (stdlib only)
- Cross-platform: Windows, macOS, Linux
Files
3 totalSelect a file
Select a file to preview.
Comments
Loading comments…