Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Stiff-Sec — OpenClaw Security Hardener

v1.0.0

Audit and securely harden OpenClaw setups by enforcing strict permissions, disabling elevated access, fixing proxy warnings, and backing up configs automatic...

0· 47·0 current·0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The declared purpose (audit and harden OpenClaw configs) matches the files: both scripts operate on ~/.openclaw/openclaw.json and create backups. That capability is coherent with the name and description.
Instruction Scope
SKILL.md and README claim features that are not implemented or are implemented inconsistently. Both claim a SHA-256 tamper-detecting lockfile and detailed MEMORY.md logging, but the scripts do not write a SHA-256 to .stiffened and do not update MEMORY.md. SKILL.md says the skill will "restrict file permissions to current user only" and set certain fields (dnsResultOrder, tools.exec.ask), but stiffen.py does not change file permissions and does not set tools.exec.ask or dnsResultOrder. audit.py reads plaintext secret values and prints partial previews of them, which can leak sensitive substrings into logs; it only scans openclaw.json and does not exfiltrate anything, but its output exposes parts of those secrets to whoever runs it or can read its logs.
Install Mechanism
No install spec — instruction-only with bundled scripts. No network downloads or package installs are performed by the skill itself.
Credentials
No environment variables, credentials, or external endpoints are requested. The scripts only read/write files under ~/.openclaw and create a .stiffened lockfile in the current working directory.
Persistence & Privilege
The skill is not always-enabled and does not modify other skills or global agent settings. It does write backups to ~/.openclaw/backups and writes .stiffened in the current working directory; these are reasonable for a hardening tool but are persistent filesystem changes the user should expect.
What to consider before installing
This skill will modify your ~/.openclaw/openclaw.json when you run 'apply' (it creates a backup first). However, several claimed safeguards are missing or broken: the tool advertises writing a SHA-256 to .stiffened for tamper detection, but stiffen.py only writes a human-readable .stiffened without any hash, so the verify check will report 'No SHA-256 found'. The code also does not change filesystem permissions despite claiming to, and it may not set some of the fields the README promises. Before running 'apply':
(1) manually inspect the two bundled scripts and confirm the exact mutations they make;
(2) copy a separate manual backup of ~/.openclaw/openclaw.json to an external safe location;
(3) run 'audit' first to see the findings, and note that audit prints secret previews to stdout (avoid running it where logs or terminal scrollback are exposed);
(4) consider running stiffen.py in a sandbox or test environment to observe its behaviour and confirm that restoring from the backup works.
If you plan to trust this skill long-term, ask the maintainer to fix the inconsistencies: compute and store a SHA-256 in .stiffened, implement the permission tightening, and make the location of .stiffened predictable (the current working directory is not).
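The scan lists three gaps between what the skill advertises and what its scripts do: no SHA-256 in .stiffened, no permission tightening, and an audit that prints secret substrings. The block below is an added example, written for this review and not code from the Stiff-Sec scripts or from OpenClaw, of what those three pieces look like when implemented: a lockfile that records the hardened config's SHA-256 and a verify step that distinguishes "ok", "tampered", and the hash-less lockfile the scan describes; a chmod to owner-only; and an audit fingerprint that proves a secret is set without revealing any of it. The lockfile layout, the 'elevated' and 'apiKey' keys in the sample config, and placing .stiffened beside the config rather than in the working directory are all assumptions for illustration.

```python
"""Added example (not the Stiff-Sec or OpenClaw code): SHA-256 lockfile,
owner-only permissions and non-leaking secret audit output."""
import hashlib
import json
import stat
import tempfile
from pathlib import Path


def sha256_of_file(path: Path) -> str:
    """Hex SHA-256 of a file, read in chunks so large configs are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def restrict_to_owner(path: Path) -> int:
    """chmod 0600 (owner read/write only) and return the resulting mode bits.
    Caveat: on Windows chmod only toggles the read-only flag, so this is a
    POSIX-only guarantee."""
    path.chmod(stat.S_IRUSR | stat.S_IWUSR)
    return stat.S_IMODE(path.stat().st_mode)


def write_lockfile(config: Path, lock: Path) -> dict:
    """Record the config's absolute path and SHA-256 so a later verify can
    detect edits made after hardening. Lockfile layout is an assumption."""
    record = {"config": str(config.resolve()), "sha256": sha256_of_file(config)}
    lock.write_text(json.dumps(record, indent=2) + "\n")
    restrict_to_owner(lock)
    return record


def verify_lockfile(config: Path, lock: Path) -> str:
    """Return 'ok', 'tampered', 'no-hash' (lockfile without a digest, the
    behaviour the scan reports) or 'no-lockfile'."""
    if not lock.exists():
        return "no-lockfile"
    try:
        expected = json.loads(lock.read_text())["sha256"]
    except (ValueError, KeyError, TypeError):
        return "no-hash"
    return "ok" if sha256_of_file(config) == expected else "tampered"


def secret_fingerprint(value: str) -> str:
    """Audit output that shows a secret is present without printing any
    substring of it: length plus the first 8 hex chars of its SHA-256."""
    digest = hashlib.sha256(value.encode()).hexdigest()[:8]
    return f"<set, {len(value)} chars, sha256:{digest}>"


def demo() -> dict:
    """Run the whole flow on a constructed config in a temp dir and return
    what verify reported at each step."""
    seen = {}
    with tempfile.TemporaryDirectory() as d:
        cfg = Path(d) / "openclaw.json"
        lock = Path(d) / ".stiffened"
        # Constructed sample config; key names are illustrative, not OpenClaw's schema.
        cfg.write_text(json.dumps({"apiKey": "sk-example-0123456789", "elevated": False}))
        seen["before"] = verify_lockfile(cfg, lock)
        # The situation the scan describes: a human-readable .stiffened with no hash.
        lock.write_text("stiffened by Stiff-Sec v1.0.0\n")
        seen["legacy"] = verify_lockfile(cfg, lock)
        write_lockfile(cfg, lock)
        seen["mode"] = restrict_to_owner(cfg)
        seen["after"] = verify_lockfile(cfg, lock)
        # Simulate someone re-enabling elevated access after hardening.
        cfg.write_text(json.dumps({"apiKey": "sk-example-0123456789", "elevated": True}))
        seen["tampered"] = verify_lockfile(cfg, lock)
        seen["fingerprint"] = secret_fingerprint("sk-example-0123456789")
    return seen


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Storing .stiffened next to the config (rather than in whatever directory the user happened to run from) is what makes the verify step repeatable; the audit fingerprint lets you confirm a key is set and compare it across hosts without ever writing a usable fragment of it to stdout or a log.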

Like a lobster shell, security has layers — review code before you run it.

latest: vk97dm5nz6e7p3cbv27fkwmk3zx83rn15
