ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenA2A Security

v1.0.0

Security hardening for OpenClaw. Audit your configuration, scan installed skills for malware, detect CVE-2026-25253, check credential exposure, and get actio...

0· 522· 1 versions· 0 current· 0 all-time· Updated 7h ago· MIT-0
byAbdel Fane@abdelsfane

Security Scans

VirusTotalBenignClawScanSuspiciousStatic analysisBenign

Install

openclaw skills install opena2a-security

OpenA2A Security for OpenClaw

Security auditing and hardening for OpenClaw installations. Scan your configuration, detect known vulnerabilities, audit installed skills for malicious code, and get specific remediation steps.

This skill runs entirely locally. No data leaves your machine. No API keys required.

What You Can Ask

Quick Security Check

Ask for a fast overview of your security posture:

"Run a security audit on my OpenClaw setup"

"Is my OpenClaw configuration secure?"

"Check my OpenClaw for known vulnerabilities"

CVE-2026-25253 Detection

Check if your OpenClaw instance is vulnerable to the WebSocket hijack RCE (CVSS 8.8):

"Am I vulnerable to CVE-2026-25253?"

"Check for the OpenClaw WebSocket vulnerability"

Skill Scanning

Scan installed skills for malicious code patterns (command injection, data exfiltration, obfuscated payloads, crypto mining):

"Scan my installed skills for malware"

"Is the weather-bot skill safe?"

"Check all my skills for security issues"

Credential Audit

Check for exposed credentials, weak file permissions, and plaintext storage:

"Are my API keys and tokens stored securely?"

"Check my credential file permissions"

Configuration Hardening

Get specific recommendations for hardening your OpenClaw config:

"How do I harden my OpenClaw configuration?"

"What security settings should I change?"

How It Works

This skill uses HackMyAgent, an open-source security scanner with 47 OpenClaw-specific checks across these categories:

Skill Security (6 checks)

CheckWhat It Detects
SKILL-001Command injection via shell execution
SKILL-002Dynamic code execution (eval, Function, vm)
SKILL-003Data exfiltration to external endpoints
SKILL-004Obfuscated code (base64, hex, charcode)
SKILL-005Crypto mining indicators
SKILL-006Path traversal outside skill directory

Credential Security (4 checks)

CheckWhat It Detects
CRED-001Credentials exposed via gateway API
CRED-002Credential files with world-readable permissions
CRED-003Plaintext credential storage without encryption
CRED-004Timing side-channel in authentication

Gateway Security (4 checks)

CheckWhat It Detects
GW-001Missing rate limiting on endpoints
GW-002SSRF-vulnerable URL fetch handlers
GW-003Missing or incomplete security headers
GW-004CVE-2026-25253 WebSocket hijack vulnerability

Supply Chain (4 checks)

CheckWhat It Detects
SC-001npm install without --ignore-scripts
SC-002Unpinned or pre-release dependencies
SC-003Missing skill signing or hash verification
SC-004Known ClawHavoc malicious skill patterns

Running Scans

When asked to perform a scan, run the following commands:

Full Security Audit

npx hackmyagent secure ~/.openclaw

Scan a Specific Skill

npx hackmyagent scan --skill <skill-name>

CVE Detection Only

npx hackmyagent scan --cve ~/.openclaw

Configuration Audit

npx hackmyagent audit ~/.openclaw/config.json5

Generate Security Report

npx hackmyagent secure ~/.openclaw --format html --output security-report.html

Output formats: text, json, sarif, html, asp

Security Recommendations

When providing recommendations, reference these priority levels:

Do Immediately

  1. Update OpenClaw to the latest version (patches CVE-2026-25253, credential redaction, timing-safe auth, lifecycle script blocking)
  2. Run npx hackmyagent secure to identify your current exposure
  3. Review installed skills — remove any you do not actively use
  4. Check file permissions — credential files should be 0600, not world-readable

Configuration Changes

Recommend these config.json5 changes when relevant:

  • Set gateway.auth to a strong token (32+ characters, randomly generated)
  • Set gateway.host to 127.0.0.1 (loopback only) unless remote access is required
  • Disable unused channel integrations
  • Set plugins.allowUnsafe to false
  • Enable Docker sandbox mode when available

For Skill Publishers

  • Do not hardcode API keys in skill code — use environment variables
  • Declare minimum required permissions in SKILL.md frontmatter
  • Do not use eval(), Function(), or child_process.exec() with user input
  • Do not fetch external URLs at install time

Interpreting Results

When presenting scan results to the user:

  • CRITICAL findings require immediate action — explain the specific risk and provide the fix command
  • HIGH findings should be addressed before deploying to production
  • MEDIUM findings are defense-in-depth improvements
  • LOW findings are best-practice recommendations

Always explain findings in plain language. Not every user is a security expert. State what the risk is, who could exploit it, and exactly how to fix it.

Background

This skill is built by OpenA2A (opena2a.org), the team behind 6 merged security patches in OpenClaw main:

PRFix
#9806Skill code safety scanner (19 detection rules, +1,721 lines)
#9858Credential redaction for gateway WebSocket responses
#10525Path traversal fix in A2UI file serving
#10527Timing-safe comparison for hook token auth
#10528Blocked npm lifecycle scripts during plugin install
#10529File permission enforcement on WhatsApp credentials

Scanner: https://www.npmjs.com/package/hackmyagent Source: https://github.com/opena2a-org/hackmyagent Threat model: https://github.com/openclaw/trust/pull/7

Version tags

latestvk9741rg7b6s341re7ta1kt1ey981ffe8