OpenClaw Hardener
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the non-read-only modes can change file permissions or OpenClaw runtime configuration.
The documented workflows include modes that can apply fixes and change gateway configuration, which are high-impact actions even though they are disclosed and user-directed.
python3 skills_live/openclaw-hardener/scripts/hardener.py fix --all ... python3 skills_live/openclaw-hardener/scripts/hardener.py apply-config
Run check --all first, review the results and any config patch, and only then run fix or apply-config if you agree with the changes.
The skill can inspect and modify important local OpenClaw and workspace files when its commands are run.
The skill requests broad read/write authority over the workspace and OpenClaw local configuration area, which may include sensitive local configuration.
"read": ["<repo>/**", "~/.openclaw/**"], "write": ["<repo>/**", "~/.openclaw/**"]
Use it only in the intended OpenClaw workspace, keep backups of important configuration, and review output before allowing changes.
If the workspace audit script is untrusted or has been tampered with, running that path could execute unwanted local code.
The helper contains functionality to execute a repo-local security_audit.sh script through bash. This can be appropriate for a hardening workflow, but it means local workspace code may be executed.
rc, out, err = run(["bash", str(sh), "--target", str(workspace_root)], timeout_s=900)
Before using all workspace audit features in an untrusted repo, review the referenced security_audit.sh script or restrict use to the built-in OpenClaw audit and read-only checks.
Users have less external context for verifying the publisher or source history of the skill.
The registry metadata does not provide an upstream source or homepage, so provenance is limited even though the included artifacts are coherent.
Source: unknown; Homepage: none
Confirm that you trust the publisher and review the included script before installing or running mutation modes.
