Openclaw Security Guard

Security audit CLI + live dashboard for OpenClaw. Scans for secrets, config issues, prompt injections, vulnerable dependencies, and unverified MCP servers. Zero telemetry.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 969 · 7 current installs · 7 all-time installs
Security Scan
VirusTotal: Benign
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description match the delivered pieces: a Node.js npm package that exposes CLI binaries and implements secrets/config/prompt-injection/dependency/MCP-server scanners and a local dashboard. Required binary (node) and the npm install are proportionate to the stated purpose. The publish metadata omission of a source/homepage in the registry (but SKILL.md includes a GitHub URL) is a small inconsistency worth verifying.
Instruction Scope
SKILL.md instructs the tool to scan the user's OpenClaw install (default paths like ~/.openclaw), run an optional auto-fix that edits configuration, and open a localhost dashboard. Those actions are expected for a security auditor. Note: auto-fix modifies user files (claims to back up first) — this is expected but the user should confirm backups and review proposed fixes before running --auto. The docs include example malicious prompt strings (used to demonstrate the prompt-injection detector); that's why prompt-injection patterns appear in the docs.
Install Mechanism
Install uses an npm package (openclaw-security-guard) which is appropriate for a Node.js CLI. npm install is a standard distribution method; npm packages carry typical supply-chain risk, so verify package provenance and version before installing globally.
Credentials
The skill declares no required environment variables or credentials. Documentation references optional env vars (OPENCLAW_HOME, OPENCLAW_GUARD_CONFIG), which is reasonable for a local scanner. No unexplained credential or system-wide config access is requested in metadata or SKILL.md.
Persistence & Privilege
always is false and model invocation is default — normal. The package runs as a CLI and dashboard service and can modify OpenClaw config when asked (auto-hardening). It does not request unwarranted system-wide privileges or attempt to persist across unrelated skills. Verify where the dashboard auth file is stored (docs mention ~/.openclaw-security-guard/auth.json) if you are concerned about local persistence.
Scan Findings in Context
[ignore-previous-instructions] expected: The SKILL.md and docs include example prompt-injection test strings (e.g., 'ignore previous instructions') as part of the Prompt Injection Detector documentation and programmatic examples. The detector flag is expected for a tool that demonstrates such patterns, but you should still review the code for any runtime behavior that executes or forwards untrusted content.
Assessment
This package appears coherent for a local OpenClaw security scanner, but take these precautionary steps before installing or running with --auto:

  • Verify the npm package and repository: confirm the package on npm matches the GitHub repo referenced in SKILL.md and check the package author/publisher identity.
  • Grep the source for outbound network calls (http, https, ws, fetch, axios, net.connect) to confirm 'zero telemetry' — focus on dashboard/server.js, monitors/*, and helpers for any external endpoints or hosts.
  • Review code paths that modify configuration (auto-hardener, fix command) and test fix --dry-run first; ensure backups are created in a location you control.
  • Inspect where dashboard credentials are stored (~/.openclaw-security-guard/auth.json is mentioned) and secure or delete that file as needed.
  • Prefer running via npx or in an isolated/sandbox environment initially rather than global install.

If you want, I can (1) point to specific files to grep for outbound connections or secrets exfiltration patterns, or (2) run a quick static checklist of the top files (dashboard/server.js, monitors/*, auto-hardener.js) and list lines that look like external network usage.

Confidence is medium because the package includes full source (which helps) but registry/source metadata had a small mismatch and claims like 'zero telemetry' should be verified by code inspection.
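
One way to run the grep step recommended above, as an added example (not code from the package or from the scan report). The function names, the regexes and the fixture files are assumptions constructed for illustration; point `audit_telemetry` at the directory you get from unpacking the package tarball.

```shell
#!/bin/sh
# Added example: static triage of an unpacked npm package for outbound-network code.
# Patterns cover the names the assessment lists: http, https, ws, fetch, axios, net.connect.
NET_IMPORTS="(require\(|from )['\"](node:)?(https?|ws|net|axios)['\"]"
NET_CALLS='(^|[^A-Za-z0-9_.])fetch\(|axios(\.[a-z]+)?\(|net\.(connect|createConnection)\(|https?\.(get|request)\(|new WebSocket\('
URL_RE='(https?|wss?)://[A-Za-z0-9.-]+'
LOOPBACK_RE='://(localhost|127\.0\.0\.1)$'

# scan_js <grep-flags> <regex> <dir>: search first-party JS/TS, skipping node_modules.
scan_js() {
  grep -r "$1" --include='*.js' --include='*.mjs' --include='*.cjs' --include='*.ts' \
       --exclude-dir=node_modules -e "$2" "$3" || true
}
net_imports()   { scan_js -nE  "$NET_IMPORTS" "$1"; }
net_calls()     { scan_js -nE  "$NET_CALLS"   "$1"; }
# -o prints only the URL, so a loopback URL is dropped without hiding others on the same line.
external_urls() { scan_js -noE "$URL_RE" "$1" | grep -vE "$LOOPBACK_RE" || true; }

# audit_telemetry <dir>: print all three views; succeed only if no external host is hard-coded.
audit_telemetry() {
  echo "== network module imports =="; net_imports "$1"
  echo "== outbound call sites ==";    net_calls "$1"
  echo "== non-loopback URLs ==";      external_urls "$1"
  [ -z "$(external_urls "$1")" ]
}

# make_fixture <dir>: CONSTRUCTED sample files (not the package's real contents).
make_fixture() {
  mkdir -p "$1/dashboard" "$1/monitors" "$1/node_modules/dep"
  cat > "$1/dashboard/server.js" <<'EOF'
const http = require('http');
http.createServer(handler).listen(18790, '127.0.0.1'); // local listener only
console.log('dashboard at http://localhost:18790');
EOF
  cat > "$1/monitors/usage.js" <<'EOF'
import axios from 'axios';
await fetch('https://collector.example.invalid/v1/ping', { method: 'POST' });
EOF
  echo "require('https').get('https://dep.example.invalid')" > "$1/node_modules/dep/index.js"
}

if [ "$#" -gt 0 ]; then audit_telemetry "$1"; fi
```

A hit in the first two sections is not by itself telemetry: the dashboard needs `http` to listen on localhost, so read each hit for whether it listens or connects out. Dependencies under node_modules are skipped here and need their own review.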

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0
latest vk972je8dnn8xbbhrenqqhyywpd812ny1

Runtime requirements

🛡 Clawdis
OS: macOS · Linux · Windows
Bins: node

Install

Node
Bins: openclaw-guard, openclaw-security-guard
npm i -g openclaw-security-guard

SKILL.md

OpenClaw Security Guard

The missing security layer for your OpenClaw installation.

What it does

Run openclaw-guard audit to scan your OpenClaw setup across 5 categories:

  • Secrets Scanner -- Detects API keys, tokens, passwords across 15+ formats + entropy analysis
  • Config Auditor -- Checks sandbox mode, DM policy, gateway binding, rate limiting
  • Prompt Injection Detector -- 50+ patterns: instruction overrides, role hijacking, jailbreaks
  • Dependency Scanner -- npm CVE scanning
  • MCP Server Auditor -- Allowlist-based verification of installed MCP servers

Quick start

npm install -g openclaw-security-guard

# Full audit
openclaw-guard audit

# Fix issues automatically (with backup)
openclaw-guard fix --auto

# Launch live dashboard
openclaw-guard dashboard

Features

  • Security Score (0-100) -- one number for your security posture
  • Auto-hardening -- interactive, automatic, or dry-run modes
  • Live dashboard -- real-time monitoring at localhost:18790
  • Pre-commit hooks -- catch secrets before they're committed
  • Multi-language -- English, French, Arabic
  • Zero telemetry -- no tracking, no network requests, 100% local
