ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Trent OpenClaw Security Assessment

v1.1.1

Assess your Agent deployment against security risks using Trent.

10· 141·0 current·0 all-time
by@trent-ai-release
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (OpenClaw security assessment) align with the actual behavior: collecting OpenClaw metadata, packaging workspace skills, and sending them to Trent for deep analysis. Requiring a TRENT_API_KEY and optional Trent endpoints is expected.
Instruction Scope
SKILL.md and code explicitly describe three phases: collect metadata, package (with redaction), and upload skills for deep analysis. The skill reads ~/.openclaw (or a user-provided path) and workspace skill files; packaging/uploading user code is expected for this purpose. The README requires explicit user confirmation before upload and documents what is/n't sent. Caveat: redaction is pattern-based and may miss custom/obfuscated secrets; binary files are added as-is if not excluded, and very large files are skipped.
Install Mechanism
No install spec; all functionality is bundled in the skill's Python files and uses only stdlib. No remote installers or arbitrary downloads are used.
Credentials
Only TRENT_API_KEY is required (primary credential) and optional API URL vars are documented. The skill accesses local OpenClaw config/workspace files (declared in SKILL.md) — this filesystem access is proportional to an audit tool but is notable because it results in packaging and uploading user code/config.
Persistence & Privilege
always is false, the skill does not request permanent system presence or modify other skills. It writes temporary streaming outputs to a temp file for chat results but does not persist or alter global agent configuration.
Assessment
This skill is coherent for performing a remote security audit, but it will package and upload your OpenClaw skill code and metadata to trent.ai using the TRENT_API_KEY. Before using it: (1) Verify you trust https://trent.ai and the API key provider; (2) Review what will be uploaded when the tool lists skills and their sizes; do not proceed if any skill or file contains sensitive secrets you do not want shared; (3) Understand redaction is pattern-based and may miss custom/obfuscated secrets or secrets embedded in binaries—manually remove or sanitize secrets from files you plan to upload; (4) Consider running Phase 1 (configuration audit) and Phase 3 prompts locally first, and only upload after explicit, deliberate confirmation; (5) Use a restricted/rotatable API key for TRENT_API_KEY and rotate/revoke it after use if concerned. If you want extra assurance, run the packaging step on an isolated machine or a sanitized copy of your workspace so nothing sensitive is uploaded.

Like a lobster shell, security has layers — review code before you run it.

assessmentvk97art06n8f9ynz3emfwpphr2s83jcvelatestvk97art06n8f9ynz3emfwpphr2s83jcvesecurityvk97art06n8f9ynz3emfwpphr2s83jcvethreat-modelingvk97art06n8f9ynz3emfwpphr2s83jcvetrentvk97art06n8f9ynz3emfwpphr2s83jcvetrentaivk97art06n8f9ynz3emfwpphr2s83jcvetrentclawvk97art06n8f9ynz3emfwpphr2s83jcve

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvTRENT_API_KEY
Primary envTRENT_API_KEY

SKILL.md

Trent OpenClaw Security Assessment

Audit your OpenClaw deployment for security risks. Identifies misconfigurations, chained attack paths, and provides severity-rated findings with fixes.

Setup

All tools are bundled — no external installer needed.

Set the TRENT_API_KEY environment variable. Get a key at https://trent.ai/openclaw/

Instructions

This audit runs in three phases. Run them in order.

Phase 1 — Configuration Audit

Collect metadata and send to Trent for analysis:

from openclaw_trent.openclaw_config.collector import collect_openclaw_metadata
from openclaw_trent.lib.audit_prompt import build_audit_prompt
from openclaw_trent.lib import trent_client

metadata = collect_openclaw_metadata()
message = build_audit_prompt(metadata)
response = trent_client.chat(message=message)

Save response["thread_id"] for Phase 3.

Present findings grouped by severity (see "Present results" below).

Summarize: "Phase 1 complete. N findings from configuration analysis. Proceeding to upload skills for deeper analysis..."

Optional: specify a custom config path:

from pathlib import Path
metadata = collect_openclaw_metadata(openclaw_path=Path("/path/to/openclaw/config"))

Phase 2 — Skill Upload

Data Disclosure — present this to the user before proceeding:

This phase packages and uploads skill code to Trent for deep security analysis.

What is sent:

  • Skill source code (with detected secrets automatically redacted)
  • Skill metadata (name, version, dependencies)

What is NOT sent:

  • Files with dangerous extensions (.env, .pem, .key, .db, .pyc) are excluded
  • Known secret patterns (API keys, tokens, AWS keys, connection strings) are replaced with [REDACTED] before packaging
  • Environment variables and non-skill workspace files are never included

Limitations: Pattern-based redaction may miss custom or obfuscated secrets. Best practice: do not hard-code secrets in skill files.

Wait for the user to confirm before running the upload.

Package skills (redaction happens automatically during packaging):

from openclaw_trent.lib.package_skills import scan_workspace

skills = scan_workspace()

Present what will be uploaded — for each skill show name, type, size, and whether secrets were redacted (secrets_redacted field).

After user confirms, upload:

from openclaw_trent.lib.upload_skills import upload_packaged_skills

upload_summary = upload_packaged_skills(skills)

Present the upload summary:

  • How many skills were uploaded, skipped (unchanged), failed, or too large
  • List each skill by name and status

If all uploads failed, report the errors and stop. Otherwise proceed.

Summarize: "Phase 2 complete. N skills uploaded. Proceeding to deep skill analysis..."

Phase 3 — Deep Skill Analysis

Analyse each uploaded skill using the thread ID from Phase 1:

from openclaw_trent.lib.prompts import build_per_skill_analysis_prompt
from openclaw_trent.lib import trent_client

thread_id = "<THREAD_ID from Phase 1>"
for skill in upload_summary["skills"]:
    if skill["status"] in ("uploaded", "skipped"):
        prompt = build_per_skill_analysis_prompt(skill)
        result = trent_client.chat(message=prompt, thread_id=thread_id)

Each request uses the Phase 1 thread ID so the advisor has full context from the configuration audit.

Present the deep analysis results alongside the Phase 1 findings.

Inspect system context separately

To view the system analysis data without running a full audit:

from openclaw_trent.lib.system_analyzer import collect_system_analysis
import json
result = collect_system_analysis()
print(json.dumps(result, indent=2))

This returns channel configuration and installed skill names. Useful for debugging or verifying what data is sent.

Present results

Format findings grouped by severity:

  • CRITICAL: Immediate action required
  • HIGH: Fix soon
  • MEDIUM: Recommended improvement
  • LOW: Minor hardening

For each finding show: the risk, where it was found, and the exact fix.

Highlight chained attack paths — where multiple settings combine to create worse outcomes.

Present recommended config changes as a diff snippet for the user to review and apply manually. Do not modify any system files directly.

When to use

  • User asks "Is my setup secure?" or "audit my config"
  • After changes to OpenClaw configuration, new plugins, or new MCP servers

Files

12 total
Select a file
Select a file to preview.

Comments

Loading comments…