ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Security Hardener

v1.0.0

One-command OpenClaw security audit, scoring, and auto-remediation. Addresses CVE-2026-33579 and common misconfigurations. Scans for exposed API keys, weak f...

0· 23·0 current·0 all-time
by@stevojarvisai-star
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires walletRequires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (security hardener for OpenClaw) matches what the Python script does: scanning OpenClaw config/workspace, searching for secrets, checking permissions, network binding, plugin state, and offering auto-fixes. Requiring no external credentials and no install is plausible for a local hardening tool. Note: the tool claims to 'remove API keys from memory/SKILL.md files' and 'disable unsigned plugins' — those actions legitimately belong to a hardener but will modify other skill files and plugin state (see persistence_privilege).
!
Instruction Scope
SKILL.md and the script instruct the agent to scan many user paths (configs, workspace, .env files, shell history, git history) and to apply fixes (chmod, edit config, move/remove secrets, change bind address, disable plugins). Scanning shell history and git history and editing SKILL.md files can touch unrelated sensitive data and other installed skills. There's also an inconsistency: SKILL.md says 'Enables auth if disabled' in auto-fix, but the code's auth check marks enabling auth as not auto-fixable (requires user to pick a token). That mismatch affects user expectations about what the 'fix' command will do automatically.
Install Mechanism
No install spec — the skill includes an executable Python script only. This is lower risk than network-based installs. The shipped script will be executed locally; nothing in the provided excerpts shows it downloads and executes external code.
Credentials
The skill requests no environment variables or credentials, which is appropriate. However, it will read many local files (config, workspace, .env, shell history, git history). That is expected for secret scanning, but it's a high-sensitivity operation because it may find or touch secrets from unrelated services (AWS, OpenAI, Stripe, etc.). The script's SECRET_PATTERNS explicitly include many providers, so it will detect (and some commands claim to remove/relocate) sensitive credentials without requiring explicit user-supplied tokens.
!
Persistence & Privilege
The skill will modify local configuration and other skill files: changing openclaw.json, setting file permissions, moving secrets out of SKILL.md files, and disabling unsigned plugins. While these changes are in-scope for a hardener, they constitute modifications to other skills' files and to agent configuration. The skill is not 'always:true' and does not require autonomous invocation to run, but its auto-remediation operations have a real risk of breaking functionality or altering other skills. The user should expect the script to write to and change many files.
What to consider before installing
This tool largely does what it says (scan + fix OpenClaw security issues), but it reads and can modify many personal and agent-related files (shell history, .env, SKILL.md files, openclaw.json). Before running 'fix': (1) inspect the full scripts/security-hardener.py yourself or with a trusted reviewer—the provided excerpt is large but truncated; (2) run 'python3 scripts/security-hardener.py audit --json --verbose' and/or a dry-run mode first, and review the proposed changes carefully; (3) create backups (use the --backup-dir option) and/or test in an isolated environment; (4) verify provenance—the package lists 'GetAgentIQ' but the skill's source/homepage is unknown; prefer tools from known sources or signed releases; (5) be aware the script will modify other skills' SKILL.md files and plugin settings, so plan for rollbacks. If you want to proceed safely, request the full script (untruncated) and a checksum/signature from the publisher before allowing auto-remediation.

Like a lobster shell, security has layers — review code before you run it.

latestvk971m7w4a04tnq7t7q7e8pknqn8493ba

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments