Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Trent OpenClaw Security Assessment

v1.2.0

Assess your Agent deployment against security risks using Trent.


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for trent-ai-release/trentclaw.

Install the skill "Trent OpenClaw Security Assessment" (trent-ai-release/trentclaw) from ClawHub.
Skill page: https://clawhub.ai/trent-ai-release/trentclaw
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: TRENT_API_KEY
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install trentclaw

ClawHub CLI

npx clawhub@latest install trentclaw
Security Scan
Capability signals
Crypto, Requires OAuth token, Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the code and runtime instructions. The package collects OpenClaw metadata, packages workspace/skills, redacts common secret patterns, and uploads packages to Trent using a single API key (TRENT_API_KEY), which is expected for an external analysis service.
Instruction Scope
SKILL.md explicitly describes three phases (collect metadata, scan/package skills, upload with user confirmation, then deep analysis). The code limits reads to ~/.openclaw (or OPENCLAW_WORKSPACE), excludes .env/key files, redacts secrets, and observes size/symlink limits. Note: the skill relies on the agent/automation to obey the 'wait for user confirmation' step — if an agent ignores that instruction the tool can upload packaged code.
Install Mechanism
Instruction-only install (no external installer). All required functionality is bundled in the skill files; no downloads or external install steps are performed by the skill itself.
Credentials
Only TRENT_API_KEY is required (primary credential), plus optional endpoint/workspace overrides. No unrelated credentials or system secrets are requested. The code explicitly excludes common secret file types and applies regex-based redaction before uploading.
Persistence & Privilege
always:false (normal). The skill can be invoked autonomously (platform default). Combined with its ability to package and upload workspace code, autonomous invocation increases risk if the agent acts without user approval — SKILL.md asks to prompt the user before uploading, but the platform does not enforce that.
Assessment
This skill appears to do what it says: collect OpenClaw metadata, package workspace skills (with redaction), and upload them to Trent for analysis using TRENT_API_KEY. Before installing or running:

  1) Only provide a TRENT_API_KEY you trust (the key gives the remote service ability to accept uploads and run analyses).
  2) Review and confirm the upload step when prompted — the code asks you to confirm before uploading, but an automated agent could bypass that prompt.
  3) Be aware redaction is regex-based and may miss custom secret formats; remove or move any highly sensitive files (private keys, proprietary data) out of the workspace or keep them in environment variables rather than in files.
  4) The client writes streaming output to temp files (tempfile.mktemp is used) — consider specifying output_file or cleaning temp files if you are concerned about local exposure.
  5) If you don't want any code leaving your environment, do not confirm uploads; the local metadata-only Phase 1 and the system_analysis output functions can be used for limited local inspection.

If you need more assurance, review the code yourself or run it in an isolated environment before granting the TRENT_API_KEY.
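
A local pre-upload check for the redaction caveat above, as an added example that is not part of the skill's code or of the scan report: it lists files with the excluded extensions and flags lines holding high-entropy tokens that format-specific regexes can miss. The token pattern, the 4.0 bits-per-character threshold and the sample workspace are assumptions constructed for illustration.

```python
import math
import re
import tempfile
from pathlib import Path

# Assumption: the file types the page says are excluded from packaging.
EXCLUDED_SUFFIXES = {".env", ".pem", ".key", ".db"}
# Assumption: candidate secrets are long base64 / hex / URL-safe runs.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_-]{24,}")


def shannon_entropy(s: str) -> float:
    """Bits per character of the token's empirical character distribution."""
    probs = [s.count(c) / len(s) for c in set(s)]
    return -sum(p * math.log2(p) for p in probs)


def audit_workspace(root: Path, min_entropy: float = 4.0) -> dict:
    """List files that should stay local and high-entropy tokens left in source."""
    report = {"excluded_files": [], "high_entropy": []}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if path.suffix in EXCLUDED_SUFFIXES or path.name == ".env":
            report["excluded_files"].append(rel)
            continue
        text = path.read_text(encoding="utf-8", errors="ignore")
        for lineno, line in enumerate(text.splitlines(), 1):
            if any(shannon_entropy(t) >= min_entropy for t in TOKEN_RE.findall(line)):
                # Report the location only; never echo the token itself.
                report["high_entropy"].append((rel, lineno))
    return report


def demo() -> dict:
    """Audit a constructed workspace (sample data, not a real secret)."""
    with tempfile.TemporaryDirectory() as d:
        skill = Path(d) / "skill"
        skill.mkdir()
        (skill / ".env").write_text("X=1\n")
        (skill / "main.py").write_text(
            'import os\nTOKEN = "q7Zp2LxV9mKd4RtY8wBn3HsJ6cFg1AeU"\nprint("hi")\n')
        return audit_workspace(Path(d))


if __name__ == "__main__":
    print(demo())
```

Entropy flags long random-looking strings regardless of format, so expect hashes and encoded assets to show up as well; each hit is a line to review by hand, not a confirmed secret.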

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Env: TRENT_API_KEY
Primary env: TRENT_API_KEY
Tags: assessment, latest, security, threat-modeling, trent, trentai, trentclaw
325 downloads
10 stars
6 versions
Updated 9m ago
v1.2.0
MIT-0

Trent OpenClaw Security Assessment

Audit your OpenClaw deployment for security risks. Identifies misconfigurations, chained attack paths, and provides severity-rated findings with fixes.

Setup

All tools are bundled — no external installer needed.

Set the TRENT_API_KEY environment variable. Get a key at https://trent.ai/openclaw/

Instructions

This audit runs in three phases. Run them in order.

Phase 1 — Configuration Audit

Collect metadata and send to Trent for analysis:

from openclaw_trent.openclaw_config.collector import collect_openclaw_metadata
from openclaw_trent.lib.audit_prompt import build_audit_prompt
from openclaw_trent.lib import trent_client

metadata = collect_openclaw_metadata()
message = build_audit_prompt(metadata)
response = trent_client.chat(message=message)

Save response["thread_id"] for Phase 3.

Present findings grouped by severity (see "Present results" below).

Summarize: "Phase 1 complete. N findings from configuration analysis. Phase 2 will scan your skills for deeper analysis — I'll show you exactly what would be uploaded before anything is sent. Ready to continue?"

Optional: specify a custom config path:

from pathlib import Path
metadata = collect_openclaw_metadata(openclaw_path=Path("/path/to/openclaw/config"))

Phase 2 — Skill Upload

Scan the workspace first (nothing is uploaded yet):

from openclaw_trent.lib.package_skills import scan_workspace

skills = scan_workspace()

Present what was found and how it will be protected. Example:

I found N skills in your workspace:

Skill        Type              Size
skill-name   installed-skill   12KB

Before upload, each skill is packaged with its source code and metadata (name, version, dependencies). Files like .env, .pem, .key, and .db are excluded, and secrets in standard formats (API keys, tokens, AWS credentials, connection strings) are automatically redacted locally. If you use custom secret formats, keep them in environment variables rather than hard-coded in skill files.

Ready to upload?

Use the secrets_redacted field — if any skills had secrets redacted, mention which ones in the table or below it.

Wait for the user to confirm before uploading.

After user confirms, upload:

from openclaw_trent.lib.upload_skills import upload_packaged_skills

upload_summary = upload_packaged_skills(skills)

Present the upload summary:

  • How many skills were uploaded, skipped (unchanged), failed, or too large
  • List each skill by name and status

If all uploads failed, report the errors and stop. Otherwise proceed.

Summarize: "Phase 2 complete. N skills uploaded. Proceeding to deep skill analysis..."
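
One way to make the "wait for the user to confirm" step enforceable in code rather than by instruction alone, as an added example that is not part of the skill: the upload callable is released only for the exact skill list the user approved. `UploadGate`, `manifest_digest`, the injected `upload_fn` and the sample skill fields are hypothetical names constructed for illustration.

```python
import hashlib
import json


def manifest_digest(skills: list) -> str:
    """SHA-256 over the exact scan result that was shown to the user."""
    canonical = json.dumps(skills, sort_keys=True, default=str)
    return hashlib.sha256(canonical.encode()).hexdigest()


class UploadGate:
    """Release the upload callable only for a user-approved skill list."""
    def __init__(self, upload_fn):
        # upload_fn stands in for upload_packaged_skills (injected for the example).
        self.upload_fn = upload_fn
        self.approved_digest = None

    def confirm(self, skills: list, user_reply: str) -> bool:
        """Record approval only for an explicit 'yes' from the user."""
        if user_reply.strip().lower() in ("y", "yes"):
            self.approved_digest = manifest_digest(skills)
            return True
        self.approved_digest = None
        return False

    def upload(self, skills: list):
        """Upload if, and only if, this exact list was approved."""
        if self.approved_digest != manifest_digest(skills):
            raise PermissionError("upload not confirmed for this skill list")
        self.approved_digest = None  # one approval covers one upload
        return self.upload_fn(skills)


def demo() -> list:
    """Constructed run: a fake uploader and a scan result with assumed fields."""
    gate = UploadGate(lambda skills: {"uploaded": len(skills)})
    skills = [{"name": "skill-name", "type": "installed-skill", "size": "12KB"}]
    outcomes = []
    for reply, extra in (("", []), ("yes", [{"name": "late-addition"}]), ("yes", [])):
        gate.confirm(skills, reply)
        try:
            outcomes.append(gate.upload(skills + extra))
        except PermissionError:
            outcomes.append("blocked")
    return outcomes


if __name__ == "__main__":
    print(demo())
```

The gate only has effect if the agent's tool surface exposes `UploadGate.upload` and not the underlying upload function directly.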

Phase 3 — Deep Skill Analysis

Analyse each uploaded skill using the thread ID from Phase 1:

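from openclaw_trent.lib.prompts import build_per_skill_analysis_prompt
from openclaw_trent.lib import trent_client

thread_id = "<THREAD_ID from Phase 1>"  # response["thread_id"] saved in Phase 1
results = []
for skill in upload_summary["skills"]:
    # Skipped skills were unchanged, so they are analysed as well.
    if skill["status"] in ("uploaded", "skipped"):
        prompt = build_per_skill_analysis_prompt(skill)
        # Keep every response instead of overwriting the previous one.
        results.append(trent_client.chat(message=prompt, thread_id=thread_id))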

Each request uses the Phase 1 thread ID so the advisor has full context from the configuration audit.

Present the deep analysis results alongside the Phase 1 findings.

Inspect system context separately

To view the system analysis data without running a full audit:

from openclaw_trent.lib.system_analyzer import collect_system_analysis
import json
result = collect_system_analysis()
print(json.dumps(result, indent=2))

This returns channel configuration and installed skill names. Useful for debugging or verifying what data is sent.

Present results

Format findings grouped by severity:

  • CRITICAL: Immediate action required
  • HIGH: Fix soon
  • MEDIUM: Recommended improvement
  • LOW: Minor hardening

For each finding show: the risk, where it was found, and the exact fix.

Highlight chained attack paths — where multiple settings combine to create worse outcomes.

Present recommended config changes as a diff snippet for the user to review and apply manually. Do not modify any system files directly.

When to use

  • User asks "Is my setup secure?" or "audit my config"
  • After changes to OpenClaw configuration, new plugins, or new MCP servers
