← Back to Skills Marketplace
atlaspa

Openclaw Security

by AtlasPA · GitHub ↗ · v1.0.1
darwinlinuxwin32 ⚠ suspicious
1440
Downloads
1
Stars
9
Active Installs
2
Versions
Install in OpenClaw
/install openclaw-security
Description
Unified security suite for agent workspaces. Installs, configures, and orchestrates all 11 OpenClaw security tools in one command — integrity, secrets, permissions, network, audit trail, signing, supply chain, credentials, injection defense, compliance, and incident response.
Usage Guidance
This skill is an orchestrator that will run many other skill scripts inside whatever workspace you point it at. Before installing or running it: 1) Verify the source and repository — this package has no homepage and an unknown origin. 2) Expect it to call the ClawHub CLI or git/npm to fetch other tools; only allow that if you trust those package sources. 3) Inspect the code of the orchestrator and the individual security skill packages (scripts under workspace/*) before running setup/update/protect — they will be executed and can read/modify your files. 4) Run initial tests in an isolated or disposable workspace (or VM/container) and back up important data. 5) Ask the maintainer to clarify the README contradiction about 'no external dependencies' and to provide a verifiable homepage or repository before trusting it in a production environment.
Capability Analysis
Type: OpenClaw Skill Name: openclaw-security Version: 1.0.1 The OpenClaw Security Suite skill bundle is an orchestrator designed to install, configure, and manage other OpenClaw security tools. The `SKILL.md` and `README.md` files clearly describe its purpose and commands, with no evidence of prompt injection or hidden instructions. The `scripts/security.py` script uses `subprocess.run` to execute the `clawhub` CLI for installing/updating other skills and to run local Python scripts for the 11 security tools it manages. All commands passed to `subprocess.run` are hardcoded lists of strings, preventing shell injection from within this script. There is no evidence of data exfiltration, persistence mechanisms, or other malicious intent within this skill bundle's code or documentation. The inherent reliance on `clawhub` and other external skills introduces a supply chain risk, but this specific skill bundle itself does not exhibit malicious behavior.
Capability Assessment
Purpose & Capability
The name/description (a unified orchestrator for 11 security tools) match the included orchestrator script and SKILL.md commands. However the README and runtime behavior require the external ClawHub CLI for installing/updating tools, which contradicts the 'No external dependencies (stdlib only)' claim. Requiring a network installer (clawhub/git) is plausible for this purpose but the README/requirements inconsistency should be clarified.
Instruction Scope
SKILL.md instructs the agent to run scripts/security.py which in turn runs other skill scripts found under the workspace (e.g., scripts/sentry.py, scripts/warden.py). That is expected for an orchestrator, but it means the skill will execute arbitrary code present in installed skill directories under your workspace and will read and likely modify workspace files. The instructions also auto-detect OPENCLAW_WORKSPACE and default to ~/.openclaw/workspace or current working dir, so be careful where you run it. The orchestration gives the skill broad discretion to run many scanners and setup/protect commands — appropriate for the stated purpose but high-risk if installed skills are untrusted.
Install Mechanism
There is no packaged install spec (instruction-only), which lowers direct supply risk. The orchestrator itself does not download arbitrary archives, but its install flow relies on the ClawHub CLI (and the README shows git clone as an option). Using clawhub/git/npm means network downloads and code execution are involved when installing the 11 tools. This is expected for a meta-installer but you should only use it with trusted registries/sources.
Credentials
The skill declares no required environment variables or credentials. The script optionally reads OPENCLAW_WORKSPACE to locate the workspace, which is reasonable. There are no unexplained requests for tokens/keys in the metadata or SKILL.md.
Persistence & Privilege
always is false and the skill is user-invocable. It will run subcommands that can modify the workspace and installed skills (setup, protect, update), which is normal for an orchestrator. There is no evidence it tries to force persistent inclusion or modify other skills' configs beyond operating on the workspace.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-security
  3. After installation, invoke the skill by name or use /openclaw-security
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
openclaw-security 1.0.1 - Internal update to scripts/security.py. - No user-facing changes to documentation or functionality.
v1.0.0
openclaw-security 1.0.0 - Initial release of the unified OpenClaw security suite. - Install, configure, and orchestrate 11 OpenClaw security tools with one command. - Provides commands for setup, scanning, updating, viewing status, and listing installed tools. - Includes a built-in dashboard for aggregated health checks. - Supports both free and Pro features across integrity, secrets, permissions, network, audit, signing, supply chain, credentials, injection defense, compliance, and incident response. - Cross-platform support: Windows, macOS, and Linux.
Metadata
Slug openclaw-security
Version 1.0.1
License
All-time Installs 10
Active Installs 9
Total Versions 2
Frequently Asked Questions

What is Openclaw Security?

Unified security suite for agent workspaces. Installs, configures, and orchestrates all 11 OpenClaw security tools in one command — integrity, secrets, permissions, network, audit trail, signing, supply chain, credentials, injection defense, compliance, and incident response. It is an AI Agent Skill for Claude Code / OpenClaw, with 1440 downloads so far.

How do I install Openclaw Security?

Run "/install openclaw-security" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Openclaw Security free?

Yes, Openclaw Security is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Openclaw Security support?

Openclaw Security is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, win32).

Who created Openclaw Security?

It is built and maintained by AtlasPA (@atlaspa); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments