ClawHub

Openclaw Security Toolkit

Security guard for OpenClaw users. Audit configs, scan secrets, manage access, and generate security reports.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 233 · 1 current installs · 1 all-time installs
by@hkall
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (audit, secret-scan, access control, token management) match the included scripts and config. The tool inspects ~/.openclaw paths, produces reports, and offers fixes/rotation — all consistent with the stated purpose. No unrelated external credentials or unusual binaries are required.
Instruction Scope
SKILL.md instructs running local Python scripts which scan and modify OpenClaw configuration files (e.g., ~/.openclaw/openclaw.json, ~/.openclaw/.env, ~/.openclaw/credentials/). This is expected for a security tool, but the instructions allow actions that modify local config (e.g., --fix, token rotation), so users should expect writes to local files and potential printing of new tokens to stdout.
Install Mechanism
No install spec is provided (instruction-only). The package contains Python scripts that rely on the stdlib; nothing is downloaded or executed from remote URLs during install. Risk from install mechanism is low.
Credentials
The skill does not declare required environment variables or credentials. It scans local config files for secrets (OpenAI keys, AWS keys, etc.), which is proportional to its stated purpose. No unexpected credentials or unrelated environment access are requested.
Persistence & Privilege
always is false. The tool can be invoked by the model (default platform behavior). The code can modify the OpenClaw config and rotate tokens when run with --fix/rotate, which is legitimate for a hardening tool but increases impact if executed without user control. There is no attempt to alter other skills' configs or persist itself into the agent runtime beyond standard local file writes.
Assessment
This skill is coherent with its stated purpose: it reads OpenClaw configuration and credential files and can auto-fix issues or rotate tokens. Before installing or running with --fix/rotate: 1) Verify the skill source/author (metadata points to a GitHub repo but 'homepage' is none). 2) Back up your OpenClaw config (~/.openclaw/) because the tool may write changes. 3) Be aware token rotation and some fixes will write tokens into config and may print new tokens to stdout — avoid running where logs are captured. 4) Prefer a dry-run first (where supported) to review planned changes. 5) If you will allow autonomous invocation, remember the tool can modify local config; only enable autonomous use if you trust the code and source.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk9752h6q0ngm7gnpm5h6nep7p182q3j3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

OpenClaw Security Guard

A comprehensive security tool for OpenClaw users to protect their AI assistant.

Features

  • 🔍 Security Audit - Comprehensive security configuration check
  • 🔐 Secret Scanner - Detect exposed API keys and tokens
  • 👥 Access Control - Manage devices, users, and permissions
  • 🔑 Token Manager - Rotate and validate tokens
  • 📊 Security Report - Generate detailed security reports
  • 🛡️ Hardening - Apply security best practices

Requirements

  • Python 3.6+
  • No external dependencies (uses stdlib)

Commands

# Run security audit
python3 {baseDir}/scripts/main.py audit

# Scan for secrets
python3 {baseDir}/scripts/main.py scan

# Generate report
python3 {baseDir}/scripts/main.py report --format md

# Check token status
python3 {baseDir}/scripts/main.py token status

# Access control
python3 {baseDir}/scripts/main.py access list

# Security hardening
python3 {baseDir}/scripts/main.py harden --fix

# Quick status check
python3 {baseDir}/scripts/main.py status

Options

--format, -f <format>    Output format: json, md, table (default: table)
--lang, -l <lang>        Language: en, zh (default: auto-detect)
--quiet, -q              Quiet mode, only output results
--verbose, -v            Verbose output
--output, -o <file>      Output file path
--deep                   Deep scan mode
--fix                    Auto-fix issues where possible

Security Checks

CategoryChecks
ConfigGateway bind, auth mode, token strength
SecretsAPI keys, tokens, passwords, private keys
AccessDevices, users, channels, sessions
NetworkPublic exposure, open ports

Examples

# Full audit with auto-fix
python3 {baseDir}/scripts/main.py audit --deep --fix

# Generate markdown report
python3 {baseDir}/scripts/main.py report --format md -o security.md

# Scan for specific pattern
python3 {baseDir}/scripts/main.py scan --pattern "sk-"

# List all paired devices
python3 {baseDir}/scripts/main.py access devices

# Generate JSON report
python3 {baseDir}/scripts/main.py report --format json

Output Formats

Table (default)

🔐 OpenClaw Security Guard v1.0.0
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

📊 Security Score: 72/100 ⚠️

🔴 HIGH RISK
  • API Key exposed in config file
    Location: ~/.openclaw/openclaw.json:15

JSON

{
  "score": 72,
  "findings": [...]
}

Markdown

# Security Report
**Score**: 72/100

Languages

  • English (en)
  • 中文 (zh)

Auto-detected based on system locale.

License

MIT

Version

v1.0.0

Files

20 total
Select a file
Select a file to preview.

Comments

Loading comments…