ClawHub

Security Hardener

v1.0.0

Audit and harden OpenClaw configuration for security. Scans openclaw.json for vulnerabilities, exposed credentials, insecure gateway settings, overly permiss...

1· 1.8k·15 current·15 all-time
by@mariusfit
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: the tool inspects OpenClaw config files, checks gateway/auth/exec/agent settings, scans for API-key patterns, and checks file permissions. No unrelated binaries, installs, or external services are required.
Instruction Scope
SKILL.md and the script restrict operations to local config files (default ~/.openclaw/openclaw.json or a supplied path) and config directory permissions. The 'fix' command (per README/SKILL.md) will modify local config files (it claims to create backups first) — this is expected for a hardener but users should review fixes before applying them.
Install Mechanism
No install spec or external downloads — the skill is instruction-only with a bundled Python script. This minimizes supply-chain risk.
Credentials
No environment variables or credentials are requested. The script scans for many common API-key formats (Anthropic, OpenAI, Google, GitHub, Slack, etc.), which is appropriate for a secret scanner targeting OpenClaw configs.
Persistence & Privilege
always is false; the skill does not request persistent/platform-wide privileges. It operates locally and only modifies files when the user runs 'fix'. Autonomous invocation is permitted by default for skills but is not combined with other red flags here.
Assessment
This tool appears coherent and local-only, but be cautious before running automatic fixes: 1) Run an initial 'audit' (read-only) and/or 'audit -f json' to review findings. 2) Inspect the generated report and any suggested fixes; consider backing up your config manually even if the script claims to create backups. 3) If you run 'fix', review the script or the backup to confirm changes are safe. 4) Note the secret scanner may produce false positives; verify any 'exposed keys' before rotating credentials. 5) Because the tool suggests moving keys to ~/.openclaw/.env, ensure that file is created and restricted (chmod 600). If you want extra assurance, run the script in a controlled environment or inspect scripts/hardener.py in full before invoking write operations.

Like a lobster shell, security has layers — review code before you run it.

auditvk971h9mrykez2bztgeypqbvqr181p9aehardeningvk971h9mrykez2bztgeypqbvqr181p9aelatestvk971h9mrykez2bztgeypqbvqr181p9aeopenclawvk971h9mrykez2bztgeypqbvqr181p9aesecurityvk971h9mrykez2bztgeypqbvqr181p9ae

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments