ClawHub

ClawGuard-Checker

v3.0.0

ClawGuard Security Checker v3 - Advanced configuration analysis, runtime integrity verification, permission modeling, and one-click hardening recommendations

0· 81·0 current·0 all-time
by@stardreaming
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (ClawGuard security checker) align with the included files (cli.js, src/checker.js), SKILL.md, and package.json. The code implements configuration, credential, network, and sandbox checks as described; no unrelated cloud credentials, binaries, or opaque external services are requested.
Instruction Scope
SKILL.md and the CLI direct the agent to read the OpenClaw config (~/.openclaw/openclaw.json), inspect config-related files, search for exposed secrets, check permissions (including SSH keys), and optionally run a deep check. Those actions are expected for a security auditor, but the 'search for exposed secrets' / 'deep' modes are somewhat open-ended and could read additional files (logs, .env files, etc.). Users should be aware deep mode may access other local files and keys.
Install Mechanism
No install spec that downloads remote archives or runs installers; package is distributed as source files (cli.js, src/checker.js, package.json) with no external dependencies. This minimizes install risk.
Credentials
The skill does not request environment variables, credentials, or external tokens. It inspects local configuration and files only, which is proportionate to its stated purpose. There are no unrelated secrets requested.
Persistence & Privilege
always: false and no special persistence or system-wide configuration changes are requested. The skill can be invoked autonomously by the agent by default (platform standard), but it does not request elevated privileges or permanent inclusion.
Assessment
This skill appears to be a legitimate local OpenClaw configuration and hardening checker. Before running: (1) review the code (especially the deep-check path) if you are cautious about what files will be read; (2) run without --deep and without --fix first to see the report; (3) do not run as root — run as the user who owns the OpenClaw config; (4) backup your config before applying any generated hardened config; (5) if you use the agent's autonomous invocation, be aware the README suggests auto-trigger phrases that could make the agent run checks when asked; limit that if you don't want automatic scans. Overall, the skill is coherent with its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk974xftm8spqxky6zp2wbv57ts846mmh
81downloads
0stars
1versions
Updated 2w ago
v3.0.0
MIT-0
@stardreaming
latest
Download

🔧 ClawGuard Security Checker (CG-SC) v3

Enterprise-grade security configuration analyzer and runtime integrity verifier for OpenClaw environments. Provides comprehensive security posture assessment with advanced configuration analysis, permission modeling, and one-click hardening recommendations.

When to Use

Activate ClawGuard Checker when:

  • A user asks to check the security status of the OpenClaw instance
  • Periodic security review is needed
  • After configuration changes
  • User asks for "security check", "hardening", or "how to secure"

How to Execute

Follow these steps when performing a security check:

Step 1: Check Configuration File

  • Find and read ~/.openclaw/openclaw.json
  • Verify these security settings:
    • gateway.bind should be "localhost" (not "0.0.0.0" or "lan")
    • gateway.tls.enabled should be true
    • gateway.auth.deviceAuth should be true
    • tools.profile should be "restricted" (not "full")
    • tools.fs.workspaceOnly should be true

Step 2: Check for Exposed Credentials

Search for exposed secrets in:

  • Config files (API keys, tokens, passwords)
  • Environment files (.env)
  • Log files

Step 3: Check File Permissions

Verify these permissions:

  • ~/.openclaw/openclaw.json should be 600 (owner read/write only)
  • ~/.openclaw/ directory should be 700
  • SSH keys should be 600
  • Not running as root user

Step 4: Check Network Settings

  • Gateway port should not be exposed to 0.0.0.0
  • Trusted proxies should be limited
  • Rate limiting should be enabled

Step 5: Generate Hardening Recommendations (v3)

Based on findings, generate specific recommendations:

  • CRITICAL issues: Generate immediate fix
  • HIGH issues: Generate configuration changes
  • MEDIUM issues: Suggest improvements

Step 6: Output Result

Calculate security score and output:

  • Score: 0-100
  • Grade: A+ to F
  • List of issues found
  • Hardening recommendations (v3)

Purpose

ClawGuard Security Checker is the second line of defense, providing continuous security posture monitoring for OpenClaw instances. It verifies:

  • Configuration Security: Comprehensive analysis of OpenClaw configuration files
  • Runtime Integrity: Cryptographic verification of system files and runtime components
  • Permission Modeling: Advanced permission analysis and least-privilege enforcement
  • Network Security: Multi-layered network policy validation
  • Log Forensics: AI-powered anomaly detection in audit logs
  • Compliance: Security benchmark compliance checking
  • Hardening (v3): One-click security configuration generation

Core Workflow

┌─────────────────────────────────────────────────────────────────┐
│               CLAWGUARD SECURITY CHECKER WORKFLOW               │
└─────────────────────────────────────────────────────────────────┘

    [Scheduled/Manual Check Trigger]
                │
                ▼
    ┌───────────────────────┐
    │  1. CONFIGURATION     │ ← Parse and validate openclaw.json
    │     ANALYSIS           │
    └───────────┬───────────┘
                │ PASS
                ▼
    ┌───────────────────────┐
    │  2. CREDENTIAL SCAN   │ ← Detect exposed secrets
    └───────────┬───────────┘
                │ PASS
                ▼
    ┌───────────────────────┐
    │  3. PERMISSION        │ ← File/directory permission analysis
    │     MODELING           │
    └───────────┬───────────┘
                │ PASS
                ▼
    ┌───────────────────────┐
    │  4. RUNTIME INTEGRITY │ ← SHA-256 + quantum-resistant hashes
    └───────────┬───────────┘
                │ PASS
                ▼
    ┌───────────────────────┐
    │  5. NETWORK SECURITY  │ ← Port, firewall, proxy analysis
    └───────────┬───────────┘
                │ PASS
                ▼
    ┌───────────────────────┐
    │  6. HARDENING (v3)   │ ← Generate security recommendations
    └───────────┬───────────┘
                │ PASS
                ▼
         [SECURITY REPORT]

Phase 1: Configuration Analysis

Configuration File Schema

The analyzer examines openclaw.json for security-relevant settings:

{
  "gateway": {
    "bind": "localhost",
    "port": 8080,
    "tls": {
      "enabled": true,
      "certPath": "/path/to/cert.pem",
      "keyPath": "/path/to/key.pem"
    },
    "auth": {
      "deviceAuth": true,
      "tokenExpiry": 3600
    },
    "cors": {
      "allowedOrigins": ["https://example.com"]
    }
  },
  "tools": {
    "profile": "restricted",
    "fs": {
      "workspaceOnly": true,
      "allowedPaths": ["/workspace/*"]
    },
    "network": {
      "egressRestrictions": true,
      "allowedDomains": ["api.github.com", "api.openai.com"]
    },
    "exec": {
      "allowedCommands": ["git", "npm", "node"]
    }
  },
  "security": {
    "update": {
      "checkOnStart": true,
      "autoUpdate": false
    },
    "audit": {
      "enabled": true,
      "retentionDays": 30
    }
  }
}

Configuration Security Checks

CheckSeverityPointsDetection Rule
Gateway bind 0.0.0.0CRITICAL-20gateway.bind === "0.0.0.0"
Gateway bind lanHIGH-15gateway.bind === "lan"
CORS * allowedHIGH-15allowedOrigins.includes("*")
tools.exec.security = "full"CRITICAL-20tools.exec.security === "full"
Device auth disabledHIGH-15deviceAuth === false
Token expiry > 24hMEDIUM-5tokenExpiry > 86400
TLS not enabledHIGH-15tls.enabled === false
fs.workspaceOnly falseHIGH-15fs.workspaceOnly === false
Sandbox disabledHIGH-15sandbox.enabled === false
No egress restrictionsHIGH-10network.egressRestrictions === false

Hardening Recommendations (v3)

IssueCurrentRecommended
Gateway bind"0.0.0.0""127.0.0.1"
Auth modenull or "none""token"
Exec security"full""allowlist"
Sandboxenabled: falseenabled: true
TLSenabled: falseenabled: true
CORSorigin: "*"origin: ["your-domain.com"]

Phase 2: Credential Exposure Detection

Multi-Layer Credential Scanning

LayerTargetMethod
Layer 1Configuration filesPattern matching
Layer 2Environment files (.env)Direct file scan
Layer 3Log filesHistorical credential check
Layer 4Memory dumpsProcess memory (optional)

Enhanced Credential Detection (v3)

const CREDENTIAL_PATTERNS = [
  // API Keys
  { pattern: /sk-[a-zA-Z0-9]{20,}/g, type: 'openai_key', severity: 'CRITICAL' },
  { pattern: /sk-ant-[a-zA-Z0-9_-]{20,}/g, type: 'anthropic_key', severity: 'CRITICAL' },
  { pattern: /AKIA[0-9A-Z]{16}/g, type: 'aws_access_key', severity: 'CRITICAL' },
  { pattern: /ghp_[a-zA-Z0-9]{36}/g, type: 'github_token', severity: 'CRITICAL' },
  { pattern: /gho_[a-zA-Z0-9]{36}/g, type: 'github_oauth', severity: 'CRITICAL' },
  { pattern: /glpat-[a-zA-Z0-9_-]{20}/g, type: 'gitlab_token', severity: 'CRITICAL' },

  // Private Keys
  { pattern: /-----BEGIN (RSA |DSA |EC |OPENSSH) PRIVATE KEY-----/g, type: 'private_key', severity: 'CRITICAL' },

  // Generic Secrets
  { pattern: /api[_-]?key["\s:=]+[a-zA-Z0-9]{16,}/gi, type: 'api_key', severity: 'HIGH' },
  { pattern: /password["\s:=]+["'][^"']{8,}["']/gi, type: 'password', severity: 'HIGH' },
];

Detection Rules

Credential TypePatternSeverityAction
AWS Access KeyAKIA...CRITICALAlert + Rotate
GitHub Tokenghp_...CRITICALAlert + Revoke
OpenAI Keysk-...CRITICALAlert + Revoke
Private Key-----BEGIN...CRITICALAlert + Alert SOC
Weak Password< 12 charsHIGHAlert + Change

Phase 3: Permission Modeling

File System Permission Analysis

const CRITICAL_PATHS = [
  { path: '~/.openclaw/openclaw.json', expectedMode: '600', severity: 'HIGH' },
  { path: '~/.openclaw/', expectedMode: '700', severity: 'HIGH' },
  { path: '~/.ssh/', expectedMode: '700', severity: 'CRITICAL' },
  { path: '~/.aws/', expectedMode: '700', severity: 'CRITICAL' },
];

Permission Check Matrix

CheckSeverityPointsRule
Config file world-readableCRITICAL-20Mode & 007 !== 0
Config file group-readableHIGH-10Mode & 070 !== 0
SSH keys world-readableCRITICAL-20Mode & 004 !== 0
Running as rootCRITICAL-25UID === 0
Workspace world-writableHIGH-15Mode & 002 !== 0

Phase 4: Network Security Analysis

Port and Binding Analysis

CheckSeverityPointsDetection
Gateway on 0.0.0.0CRITICAL-20Exposed to all interfaces
Gateway on lanHIGH-15Exposed to local network
Gateway on localhostLOW0Only local access
TLS disabledHIGH-15Unencrypted communication

Network Security Checks

const NETWORK_SECURITY_CHECKS = [
  {
    check: 'rate_limiting',
    rule: (config) => config.rateLimit?.enabled === true,
    severity: 'HIGH',
    points: -10,
    message: 'Rate limiting not enabled',
    fix: { rateLimit: { enabled: true, max: 100, windowMs: 60000 } }
  },
  {
    check: 'egress_whitelist',
    rule: (config) => config.network?.allowedDomains?.length > 0,
    severity: 'HIGH',
    points: -10,
    message: 'No egress domain whitelist configured',
    fix: { network: { allowedDomains: ['api.github.com', 'api.openai.com'] } }
  },
  {
    check: 'trusted_proxies',
    rule: (config) => config.trustedProxies?.length <= 2,
    severity: 'MEDIUM',
    points: -5,
    message: 'Limited proxy trust configured'
  }
];

Phase 5: Hardening Recommendations (v3 核心功能)

One-Click Hardening

Based on detected issues, generate hardened configuration:

const HARDEENING_RULES = {
  // Gateway Hardening
  gateway: {
    bind: { value: '127.0.0.1', reason: 'Only local access' },
    tls: { value: { enabled: true }, reason: 'Encrypted communication' },
    auth: { value: { mode: 'token', token: '<GENERATE>' }, reason: 'Authentication required' },
    rateLimit: { value: { enabled: true, max: 100, windowMs: 60000 }, reason: 'DDoS protection' },
    cors: { value: { enabled: true, origin: [], credentials: true }, reason: 'Controlled access' }
  },

  // Tools Hardening
  tools: {
    exec: {
      security: { value: 'allowlist', reason: 'Controlled execution' },
      allowlist: { value: ['ls', 'cat', 'grep', 'find', 'echo', 'pwd'], reason: 'Minimal command set' }
    },
    fs: {
      workspaceOnly: { value: true, reason: 'File system isolation' }
    }
  },

  // Sandbox Hardening
  sandbox: {
    enabled: { value: true, reason: 'Runtime isolation' },
    allowedPaths: { value: ['/tmp', '~/workspace'], reason: 'Controlled file access' },
    deniedPaths: { value: ['/home', '/root', '/etc', '/var'], reason: 'Protect system files' },
    maxMemory: { value: 512, reason: 'Resource limit' },
    timeout: { value: 60000, reason: 'Execution timeout' }
  }
};

Hardened Config Example

{
  "gateway": {
    "bind": "127.0.0.1",
    "auth": {
      "mode": "token",
      "token": "<GENERATE: crypto.randomBytes(32).toString('hex')>"
    },
    "tls": {
      "enabled": true
    },
    "rateLimit": {
      "enabled": true,
      "max": 100,
      "windowMs": 60000
    }
  },
  "tools": {
    "exec": {
      "security": "allowlist",
      "allowlist": ["ls", "cat", "grep", "find", "echo", "pwd"]
    },
    "fs": {
      "workspaceOnly": true
    }
  },
  "sandbox": {
    "enabled": true,
    "allowedPaths": ["/tmp", "~/workspace"],
    "deniedPaths": ["/home", "/root", "/etc", "/var"],
    "maxMemory": 512,
    "timeout": 60000
  },
  "logging": {
    "enabled": true,
    "level": "info",
    "auditLog": true
  }
}

Security Scoring

Scoring Formula

SECURITY_SCORE = 100 - CONFIG_PENALTY - CREDENTIAL_PENALTY - PERMISSION_PENALTY - NETWORK_PENALTY

Where:
- CONFIG_PENALTY = CRITICAL*20 + HIGH*15 + MEDIUM*5
- CREDENTIAL_PENALTY = CRITICAL*25 + HIGH*15 + MEDIUM*5
- PERMISSION_PENALTY = CRITICAL*25 + HIGH*15 + MEDIUM*5
- NETWORK_PENALTY = CRITICAL*20 + HIGH*15 + MEDIUM*5

Score Classification

GradeScoreColorAction
A+95-100🟢Excellent - Continue monitoring
A90-94🟢Good - Minor improvements possible
B80-89🟢Satisfactory - Address warnings
C70-79🟡Fair - Fix within 1 week
D60-69🟠Poor - Fix within 24 hours
F0-59🔴Critical - Fix immediately

Output Formats

Terminal Output (v3)

╔══════════════════════════════════════════════════════════════╗
║        🔧 CLAWGUARD SECURITY CHECK REPORT v3.0.0   ║
╠══════════════════════════════════════════════════════════════╣
║ Instance: openclaw-abc123                              ║
║ Time: YYYY-MM-DD HH:MM:SS                             ║
╚══════════════════════════════════════════════════════════════╝

▶ GATEWAY SECURITY [-35]
  🔴 [CRITICAL] Gateway bind: 0.0.0.0 (exposed)
     Fix: Set gateway.bind = "127.0.0.1"
  🔴 [CRITICAL] Auth disabled
     Fix: Set gateway.auth.mode = "token"
  🟡 [HIGH] TLS not enabled
     Fix: Set gateway.tls.enabled = true

▶ TOOLS SECURITY [-20]
  🔴 [CRITICAL] Exec security: full
     Fix: Set tools.exec.security = "allowlist"
     and add: tools.exec.allowlist = ["ls", "cat", "grep", ...]

▶ SANDBOX [-15]
  🟠 [HIGH] Sandbox disabled
     Fix: Set sandbox.enabled = true

▶ CREDENTIALS [0]
  ✓ No exposed credentials

▶ PERMISSIONS [0]
  ✓ Config file mode 600
  ✓ Directory mode 700

╔══════════════════════════════════════════════════════════════╗
║ SECURITY GRADE: F (30/100)                              ║
╠══════════════════════════════════════════════════════════════╣
║ CRITICAL: 3 | HIGH: 2 | MEDIUM: 0                     ║
╠══════════════════════════════════════════════════════════════╣
║ 🛡️ HARDENING RECOMMENDATION (v3)                      ║
║                                                        ║
║ Run with --fix to generate hardened configuration:     ║
║   node cli.js --fix                                   ║
╚══════════════════════════════════════════════════════════════╝

v3 vs v2 Features

Featurev2v3
Configuration Analysis
Credential Detection
Permission Modeling
Network Security
Log Forensics
Hardening Recommendations✅ (v3)
One-Click Fix Generation✅ (v3)
Automated Config Generation✅ (v3)
Security Grade A-FBasicEnhanced (v3)

ClawGuard Security Checker: Vigilant protection for your AI agents. 🔧

Comments

Loading comments...