OpenClaw Hardener

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: openclaw-hardener
Version: 0.1.2

The OpenClaw Hardener skill is classified as benign. Its stated purpose is to enhance the security posture of an OpenClaw installation, which is directly supported by its functionality. While the skill utilizes high-risk capabilities such as broad filesystem read/write access within the repository and `~/.openclaw` directories, and executes subprocesses (`openclaw`, `bash`, `git`, `python3`), these are explicitly declared in `openclaw-skill.json` and are necessary for a security hardening tool. The `hardener.py` script demonstrates good security practices by redacting sensitive information from output, making fixes opt-in, and explicitly denying filesystem access to critical system paths like `/etc/**` and `/root/**`. There is no evidence of intentional malicious behavior, data exfiltration to unauthorized endpoints, or prompt injection attempts against the agent.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the non-read-only modes can change file permissions or OpenClaw runtime configuration.

Why it was flagged

The documented workflows include modes that can apply fixes and change gateway configuration, which are high-impact actions even though they are disclosed and user-directed.

Skill content

python3 skills_live/openclaw-hardener/scripts/hardener.py fix --all
...
python3 skills_live/openclaw-hardener/scripts/hardener.py apply-config

Recommendation

Run check --all first, review the results and any config patch, and only then run fix or apply-config if you agree with the changes.

What this means

The skill can inspect and modify important local OpenClaw and workspace files when its commands are run.

Why it was flagged

The skill requests broad read/write authority over the workspace and OpenClaw local configuration area, which may include sensitive local configuration.

Skill content

"read": ["<repo>/**", "~/.openclaw/**"], "write": ["<repo>/**", "~/.openclaw/**"]

Recommendation

Use it only in the intended OpenClaw workspace, keep backups of important configuration, and review output before allowing changes.

What this means

If the workspace audit script is untrusted or has been tampered with, running that path could execute unwanted local code.

Why it was flagged

The helper script can execute a repo-local security_audit.sh script through bash. This can be appropriate for a hardening workflow, but it means code from the local workspace may be executed.

Skill content

rc, out, err = run(["bash", str(sh), "--target", str(workspace_root)], timeout_s=900)

Recommendation

Before running the full workspace audit in an untrusted repo, review the referenced security_audit.sh script, or restrict use to the built-in OpenClaw audit and the read-only checks.

What this means

Users have less external context for verifying the publisher or source history of the skill.

Why it was flagged

The registry metadata does not provide an upstream source or homepage, so provenance is limited even though the included artifacts are coherent.

Skill content

Source: unknown; Homepage: none

Recommendation

Confirm that you trust the publisher and review the included script before installing or running mutation modes.