ClawHub

Baseline Kit

v1.0.1

Generate safer OpenClaw configuration baselines and audit existing config files for exposure, missing controls, and secret hygiene issues.

0· 415·1 current·1 all-time
by@mike007jd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the actual code and instructions. The tool only requires Node and implements profile generation and JSON-based audits; nothing in the package or SKILL.md asks for unrelated cloud credentials or services.
Instruction Scope
SKILL.md instructs running the included CLI to read a user-specified config path and write outputs to a specified --out path. The runtime instructions and code are limited to JSON structure checks, local file read/write, and console output. There are no instructions to access unrelated system files, environment secrets, or external network endpoints.
Install Mechanism
There is no install spec in the registry (instruction-only), and the repo ships a small Node.js CLI. The tool requires only the node binary (Node >=18 per package.json). No remote downloads, package installers, or unusual install steps are present.
Credentials
The skill declares no required environment variables or credentials and the code does not read env vars. It does scan JSON for secret-like keys and emits masked samples in findings — behavior appropriate to an audit tool and aligned with its purpose.
Persistence & Privilege
always is false and the skill does not request permanent platform presence or modify other skills. The agent-invocation defaults are normal; autonomous invocation combined with this tool's limited local I/O presents low risk.
Assessment
This is a small, local Node.js CLI for generating baselines and auditing OpenClaw JSON files; it does not contact external services or request credentials. Before running: ensure you have Node.js 18+, review the included source if you trust the author, and run the provided tests (test.js) in a safe environment. Be careful which config path you audit — the tool will read the file you point it at and will print/write findings (it masks detected secrets but includes partial samples in output and JSON). Avoid pointing it at files you cannot expose to local console/output destinations, and review generated JSON before committing to a repository. If you need extra caution, run the CLI in an isolated container or ephemeral VM.

Like a lobster shell, security has layers — review code before you run it.

auditvk97bzrnv9wn29y0myyks34fnws83p4stbaselinevk97bzrnv9wn29y0myyks34fnws83p4stconfigvk97bzrnv9wn29y0myyks34fnws83p4stlatestvk97bzrnv9wn29y0myyks34fnws83p4stopenclawvk97bzrnv9wn29y0myyks34fnws83p4stsecurityvk97bzrnv9wn29y0myyks34fnws83p4st

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧱 Clawdis
Binsnode

Comments