Openclaw Sec
by PaoloRollo · v0.2.6
5239 Downloads · 10 Stars · 16 Active Installs · 8 Versions
Install in OpenClaw
/install openclaw-sec
Description
AI Agent Security Suite - Real-time protection against prompt injection, command injection, SSRF, path traversal, secrets exposure, and content policy violations
Usage Guidance
Install only if you want OpenClaw-wide security hooks that may inspect and log prompts and tool-call parameters. Review the postinstall hook behavior, database path and retention, owner bypass settings, notification endpoints, and whether `tool_result_persist` truly blocks before execution in your OpenClaw version.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-sec
Version: 0.2.6
The OpenClaw Security Suite is a security tool designed to detect and prevent various attacks like prompt injection, command injection, SSRF, path traversal, and secret exposure. All analyzed files, including the `SKILL.md` documentation, TypeScript source code, and shell scripts (`hooks/install-hooks.sh`), consistently align with this stated purpose. The tool's functionalities, such as scanning for malicious patterns, logging security events to a local SQLite database (`.openclaw-sec.db`), and sending notifications to configurable endpoints, are legitimate for a security product. The 'malicious' examples found in the code and documentation are test cases that the tool is designed to *detect and block*, not execute. There is no evidence of intentional harmful behavior, data exfiltration to unauthorized external endpoints, or persistence mechanisms beyond standard OpenClaw hook installation.
Capability Assessment
Purpose & Capability
The scanning, blocking, reputation, database logging, and optional notifications generally fit the stated security-suite purpose; no artifact-backed exfiltration or destructive behavior was found.
Instruction Scope
The tool-call hook claims pre-execution blocking while registering a `tool_result_persist` plugin, creating real ambiguity about whether tool actions are blocked before or after execution.
Install Mechanism
`package.json` runs a postinstall script that builds the package and invokes `hooks/install-hooks.sh`, which copies hooks into `~/.openclaw/hooks`, creates a symlink, and attempts to enable them via the OpenClaw CLI.
Credentials
Default-enabled hooks can inspect user prompts and security-relevant tool parameters, then store normalized input, user IDs, session IDs, findings, and metadata in SQLite for analytics; this is purpose-aligned but sensitive and broad.
Persistence & Privilege
The hooks persist beyond the install command and alter agent behavior globally under the OpenClaw hooks directory; documentation includes disable steps, but the install-time side effect is high-impact.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: `/install openclaw-sec`
- After installation, invoke the skill by name or use `/openclaw-sec`
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.2.6
openclaw-sec 0.2.6
- Added new detection modules: code execution, exfiltration, injection validator, and serialization detection.
- Introduced corresponding runtime validation patterns for code execution, exfiltration, SQL injection, template injection, general injection, and serialization attacks.
- Significantly expanded test coverage for all new modules and patterns.
- Updated core security engine and type definitions to support new modules.
- Enhanced the modular structure to accommodate more security pattern categories.
v0.2.5
- Added pnpm-lock.yaml for improved dependency management and reproducible builds.
- Updated multiple test files for integration and CLI functionality.
- Modified Jest configuration for testing enhancements.
- Made changes to the action engine and notification system test modules.
v0.2.4
openclaw-sec 0.2.4 Changelog
- Updated capability metadata: added "168 patterns across 16 categories" to detection coverage.
- SKILL.md version updated from 1.0.0 to 1.0.2, reflecting underlying metadata improvements.
- No user-facing changes to commands or functionality. Documentation aligned with current detection scope.
v0.2.3
openclaw-sec v0.2.3
- Added 7 new pattern detectors for advanced prompt injection types, including chain-of-thought hijacking, direct extraction, encoding obfuscation, extraction attacks, policy puppetry, and social engineering.
- Integrated these patterns into the core prompt injection module.
- Added automated continuous integration (CI) workflow for better testing.
- Improved and expanded test coverage for action and security engines.
- Removed obsolete benchmark result files to streamline the codebase.
- Updated documentation and dependencies.
v0.2.2
- Added `.openclaw-sec.example.yaml` as the new example config file and removed the old `.openclaw-security.example.yaml`.
- Updated and improved documentation in `README.md`, hooks, and contributing guides.
- Refined configuration examples and inline docs to align with new file naming.
- Various updates across codebase and tests to reflect config changes and improve clarity.
- No breaking changes to commands or core features.
v0.2.1
- Updated documentation in README.md and package.json.
- Removed the PROJECT_SUMMARY.md file for simplification.
- No changes to core functionality or detection modules.
v0.2.0
Summary: Major expansion of test coverage and security hooks; legacy hook refactor.
- Added extensive integration and performance test suites.
- Introduced new security input/tool validator hooks and documentation.
- Split legacy hooks into a dedicated subfolder with improved structure.
- Removed legacy hook files in favor of modular handlers.
- Updated and clarified documentation and contribution guidelines.
v0.1.0
Initial release of OpenClaw Security Suite – comprehensive, real-time security for AI agents.
- 6 parallel detection modules cover prompt injection, command injection, SSRF, path traversal, secrets exposure, and content policy violations.
- Real-time validation (<50ms) with async database/logging.
- Smart severity scoring and automated action enforcement (block, warn, log).
- Provides detailed CLI/tools for validation, scanning, monitoring, and analytics.
- Includes user reputation tracking, security stats, and event monitoring.
Frequently Asked Questions
What is Openclaw Sec?
AI Agent Security Suite - Real-time protection against prompt injection, command injection, SSRF, path traversal, secrets exposure, and content policy violations. It is an AI Agent Skill for Claude Code / OpenClaw, with 5239 downloads so far.
How do I install Openclaw Sec?
Run "/install openclaw-sec" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Openclaw Sec free?
Yes, Openclaw Sec is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Openclaw Sec support?
Openclaw Sec is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Openclaw Sec?
It is built and maintained by PaoloRollo (@paolorollo); the current version is v0.2.6.