ClawHub

Openclaw Security Toolkit

v1.0.0

Security guard for OpenClaw users. Audit configs, scan secrets, manage access, and generate security reports.

0· 1.5k·9 current·9 all-time
by@hkall

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for hkall/openclaw-security-toolkit.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Openclaw Security Toolkit" (hkall/openclaw-security-toolkit) from ClawHub.
Skill page: https://clawhub.ai/hkall/openclaw-security-toolkit
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install openclaw-security-toolkit

ClawHub CLI

Package manager switcher

npx clawhub@latest install openclaw-security-toolkit
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (audit, secret-scan, access control, token management) match the included scripts and config. The tool inspects ~/.openclaw paths, produces reports, and offers fixes/rotation — all consistent with the stated purpose. No unrelated external credentials or unusual binaries are required.
Instruction Scope
SKILL.md instructs running local Python scripts which scan and modify OpenClaw configuration files (e.g., ~/.openclaw/openclaw.json, ~/.openclaw/.env, ~/.openclaw/credentials/). This is expected for a security tool, but the instructions allow actions that modify local config (e.g., --fix, token rotation), so users should expect writes to local files and potential printing of new tokens to stdout.
Install Mechanism
No install spec is provided (instruction-only). The package contains Python scripts that rely on the stdlib; nothing is downloaded or executed from remote URLs during install. Risk from install mechanism is low.
Credentials
The skill does not declare required environment variables or credentials. It scans local config files for secrets (OpenAI keys, AWS keys, etc.), which is proportional to its stated purpose. No unexpected credentials or unrelated environment access are requested.
Persistence & Privilege
always is false. The tool can be invoked by the model (default platform behavior). The code can modify the OpenClaw config and rotate tokens when run with --fix/rotate, which is legitimate for a hardening tool but increases impact if executed without user control. There is no attempt to alter other skills' configs or persist itself into the agent runtime beyond standard local file writes.
Assessment
This skill is coherent with its stated purpose: it reads OpenClaw configuration and credential files and can auto-fix issues or rotate tokens. Before installing or running with --fix/rotate: 1) Verify the skill source/author (metadata points to a GitHub repo but 'homepage' is none). 2) Back up your OpenClaw config (~/.openclaw/) because the tool may write changes. 3) Be aware token rotation and some fixes will write tokens into config and may print new tokens to stdout — avoid running where logs are captured. 4) Prefer a dry-run first (where supported) to review planned changes. 5) If you will allow autonomous invocation, remember the tool can modify local config; only enable autonomous use if you trust the code and source.

Like a lobster shell, security has layers — review code before you run it.

latestvk9752h6q0ngm7gnpm5h6nep7p182q3j3
1.5kdownloads
0stars
2versions
Updated 1mo ago
v1.0.0
MIT-0
@hkall
latest
Download

OpenClaw Security Guard

A comprehensive security tool for OpenClaw users to protect their AI assistant.

Features

  • 🔍 Security Audit - Comprehensive security configuration check
  • 🔐 Secret Scanner - Detect exposed API keys and tokens
  • 👥 Access Control - Manage devices, users, and permissions
  • 🔑 Token Manager - Rotate and validate tokens
  • 📊 Security Report - Generate detailed security reports
  • 🛡️ Hardening - Apply security best practices

Requirements

  • Python 3.6+
  • No external dependencies (uses stdlib)

Commands

# Run security audit
python3 {baseDir}/scripts/main.py audit

# Scan for secrets
python3 {baseDir}/scripts/main.py scan

# Generate report
python3 {baseDir}/scripts/main.py report --format md

# Check token status
python3 {baseDir}/scripts/main.py token status

# Access control
python3 {baseDir}/scripts/main.py access list

# Security hardening
python3 {baseDir}/scripts/main.py harden --fix

# Quick status check
python3 {baseDir}/scripts/main.py status

Options

--format, -f <format>    Output format: json, md, table (default: table)
--lang, -l <lang>        Language: en, zh (default: auto-detect)
--quiet, -q              Quiet mode, only output results
--verbose, -v            Verbose output
--output, -o <file>      Output file path
--deep                   Deep scan mode
--fix                    Auto-fix issues where possible

Security Checks

CategoryChecks
ConfigGateway bind, auth mode, token strength
SecretsAPI keys, tokens, passwords, private keys
AccessDevices, users, channels, sessions
NetworkPublic exposure, open ports

Examples

# Full audit with auto-fix
python3 {baseDir}/scripts/main.py audit --deep --fix

# Generate markdown report
python3 {baseDir}/scripts/main.py report --format md -o security.md

# Scan for specific pattern
python3 {baseDir}/scripts/main.py scan --pattern "sk-"

# List all paired devices
python3 {baseDir}/scripts/main.py access devices

# Generate JSON report
python3 {baseDir}/scripts/main.py report --format json

Output Formats

Table (default)

🔐 OpenClaw Security Guard v1.0.0
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

📊 Security Score: 72/100 ⚠️

🔴 HIGH RISK
  • API Key exposed in config file
    Location: ~/.openclaw/openclaw.json:15

JSON

{
  "score": 72,
  "findings": [...]
}

Markdown

# Security Report
**Score**: 72/100

Languages

  • English (en)
  • 中文 (zh)

Auto-detected based on system locale.

License

MIT

Version

v1.0.0

Comments

Loading comments...