← Back to Skills Marketplace
romainsantoli-web

Firm Gateway Hardening Pack

by romainsantoli-web · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
321
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install firm-gateway-hardening-pack
Description
Gateway authentication hardening and credentials audit pack. Validates device auth, Baileys credentials, webhook HMAC signatures, log configuration, and work...
README (SKILL.md)

firm-gateway-hardening-pack

⚠️ Contenu généré par IA — validation humaine requise avant utilisation.

Purpose

Hardens the OpenClaw Gateway by auditing authentication configuration, credentials storage, webhook signatures, logging, and workspace file integrity.

Tools (5)

Tool Description Severity
openclaw_gateway_auth_check Validate Gateway device auth is enabled CRITICAL
openclaw_credentials_check Audit Baileys credentials storage security HIGH
openclaw_webhook_sig_check Verify HMAC signature on webhooks HIGH
openclaw_log_config_check Check log configuration (no sensitive data) MEDIUM
openclaw_workspace_integrity_check Verify workspace file integrity MEDIUM

Usage

skills:
  - firm-gateway-hardening-pack

# Run full gateway hardening audit:
openclaw_gateway_auth_check config_path=/path/to/config.json
openclaw_credentials_check config_path=/path/to/config.json
openclaw_webhook_sig_check config_path=/path/to/config.json

Requirements

  • mcp-openclaw-extensions >= 3.0.0
Usage Guidance
This pack broadly matches its stated goal (gateway hardening) but has several red flags you should consider before installing or running it: (1) Source and homepage are missing — you cannot verify the author or review code. (2) It depends on mcp-openclaw-extensions but provides no install or verification steps for that dependency — confirm the origin and integrity of that package. (3) The SKILL.md tells the agent to run tools against a config_path you supply, but the manifest doesn't declare which files or secrets the tools will read; expect the tools to access credential files and webhook secrets. (4) Run these checks in a safe/test environment first and inspect the underlying tool implementations (mcp-openclaw-extensions or the binaries that provide the named commands) before using them on production configs. Providing the skill author, source repository, or a verifiable install mechanism (and a list of exact config paths or env vars the tools will read) would increase confidence; without that, treat the skill as untrusted and proceed cautiously.
Capability Analysis
Type: OpenClaw Skill Name: firm-gateway-hardening-pack Version: 1.0.0 The skill bundle 'firm-gateway-hardening-pack' is classified as benign. Its stated purpose is to audit and harden OpenClaw Gateway security, including authentication, credentials, webhooks, logging, and workspace integrity. All listed tools and usage examples in `SKILL.md` align with this security auditing function. There is no evidence of malicious intent, data exfiltration, unauthorized execution, persistence mechanisms, or prompt injection attempts against the AI agent. The declared dependency `mcp-openclaw-extensions` is a standard requirement declaration, not an active malicious action by this skill.
Capability Assessment
Purpose & Capability
The name/description describe gateway hardening and the SKILL.md lists five audit tools that fit that purpose. However, the SKILL.md enumerates CLI commands (openclaw_gateway_auth_check, openclaw_credentials_check, etc.) but the skill's manifest does not declare any required binaries or config paths. The metadata does list a dependency on mcp-openclaw-extensions >= 3.0.0 which likely provides those commands — that is plausible, but the relationship is not made explicit in install instructions.
Instruction Scope
Runtime instructions ask the agent to run the named checks against a user-supplied config_path (e.g., /path/to/config.json). The SKILL.md does not enumerate what files, directories, or environment variables those tools will access, nor does it limit the paths. Because the checks target credentials, webhook HMACs, and workspace integrity, the tools will likely read secrets or sensitive config data. The instructions are high-level and give the agent broad discretion to run these tools against arbitrary files, which expands the attack surface if the underlying tooling is untrusted.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. The metadata 'requires' mcp-openclaw-extensions >= 3.0.0 but no mechanism is provided to obtain or verify that dependency. That is reasonable for an instruction-only wrapper if the environment already provides the extension, but it creates supply-chain uncertainty: it's unclear how/where mcp-openclaw-extensions will be installed or validated.
Credentials
The skill performs credential and webhook signature audits but declares no required environment variables or config paths. Tools that audit Baileys credentials and webhook HMACs typically need access to secret keys or credential files; the absence of declared secrets/config paths is disproportionate and leaves it unclear what the agent will access at runtime. This mismatch means sensitive data could be read without being explicitly requested in the manifest.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. Model invocation is not disabled (default) but that is normal. The skill does not request system-wide config changes or persistent privileges in its manifest.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install firm-gateway-hardening-pack
  3. After installation, invoke the skill by name or use /firm-gateway-hardening-pack
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — 5 tools: gateway auth, credentials, webhook HMAC, logs, workspace integrity
Metadata
Slug firm-gateway-hardening-pack
Version 1.0.0
License
All-time Installs 2
Active Installs 2
Total Versions 1
Frequently Asked Questions

What is Firm Gateway Hardening Pack?

Gateway authentication hardening and credentials audit pack. Validates device auth, Baileys credentials, webhook HMAC signatures, log configuration, and work... It is an AI Agent Skill for Claude Code / OpenClaw, with 321 downloads so far.

How do I install Firm Gateway Hardening Pack?

Run "/install firm-gateway-hardening-pack" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Firm Gateway Hardening Pack free?

Yes, Firm Gateway Hardening Pack is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Firm Gateway Hardening Pack support?

Firm Gateway Hardening Pack is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Firm Gateway Hardening Pack?

It is built and maintained by romainsantoli-web (@romainsantoli-web); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments