OpenClaw Hardener
v0.1.2
Harden OpenClaw (workspace + ~/.openclaw): run openclaw security audit, catch prompt-injection/exfil risks, scan for secrets, and apply safe fixes (chmod/exec-bit cleanup). Includes optional config.patch planning to reduce attack surface.
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the actual behavior: the script scans the workspace and ~/.openclaw, runs the OpenClaw CLI audit, and can produce/apply config.patch plans. Declared filesystem and subprocess permissions (read/write <repo>/** and ~/.openclaw/**; allow openclaw, git, bash, python3, etc.) are consistent with these tasks. Note: write access to the repo and ~/.openclaw is powerful but is needed to implement fixes and to store/adjust local config.
Instruction Scope
SKILL.md requires running scripts/hardener.py with explicit 'check', 'fix', 'plan-config', and 'apply-config' modes. The script adheres to the stated 'default = check-only' rule and includes redaction logic. However 'plan-config' and especially 'apply-config' call the OpenClaw gateway (config.get / gateway call) and can change runtime policy; those steps are high-impact and must be reviewed by the user before applying. The script reads many repo files (including .env and config) — redaction is implemented but review is advised.
Install Mechanism
There is no installer; it's an instruction-only skill with a bundled Python script. Nothing is downloaded or extracted from remote URLs during install, which minimizes install-time risk.
Credentials
The skill does not request environment variables or external credentials explicitly. It relies on local OpenClaw CLI and repo access, which is proportionate. Be aware that gateway CLI calls will use whatever OpenClaw credentials/config are already present — the skill can therefore affect systems accessible via your CLI auth without requesting new secrets.
Persistence & Privilege
always:false (normal). The skill is allowed to write to <repo>/** and ~/.openclaw/** and can apply gateway patches — these are legitimate for a hardener but are impactful. The skill does not modify other skills' configs, but because it can change gateway configuration and repository files, you should treat apply/fix operations as privileged actions and explicitly review them.
Assessment
This skill appears to be what it claims, but it can modify your repository and gateway config. Before using it:
1) Run in 'check' mode only first and review all findings.
2) When it prints a config.patch, manually inspect the patch JSON before running 'apply-config'.
3) Back up your repo and ~/.openclaw (or use a disposable environment) before running 'fix' or 'apply-config'.
4) Ensure the OpenClaw CLI on your system is authentic and that you understand which gateway/account the CLI will affect.
5) Optionally review scripts/hardener.py yourself (it includes redaction logic but no guarantees).
If you do not trust the skill's source, avoid running fix/apply actions and stick to read-only checks.
Like a lobster shell, security has layers — review code before you run it.
