← Back to Skills Marketplace

OpenClaw Security Hardening

Name: OpenClaw Security Hardening
Author: kylejfrost

by kylejfrost · GitHub ↗ · v1.1.0

cross-platform ✓ Security Clean

2282

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install openclaw-security-hardening

Description

Protect OpenClaw installations from prompt injection, data exfiltration, malicious skills, and workspace tampering

Usage Guidance

This package is a local hardening/audit toolkit and appears to do what it says: it will scan your skills/workspace and create local baselines and whitelists under $HOME/.openclaw/security. Before running: (1) review the scripts yourself (they run shell commands and inspect many files); (2) back up AGENTS.md, MEMORY.md and any important files, since harden-workspace.sh can modify permissions and .gitignore when run with --fix; (3) confirm you’re comfortable with files being written to ~/.openclaw/security (hash files, whitelist); (4) run scan tools in non-privileged/test environment first, then run with --fix only after manual review; (5) check the domain whitelist and incident logging locations (memory/security-incidents.md) so you know what will be recorded. Overall the pieces are coherent for a security tool — there are no unexplained external endpoints or credential requests, but exercising normal caution (review code and run in a controlled environment) is recommended.

Capability Analysis

Type: OpenClaw Skill Name: openclaw-security-hardening Version: 1.1.0 This skill bundle is a comprehensive security hardening toolkit for OpenClaw. All scripts (`audit-outbound.sh`, `harden-workspace.sh`, `install-guard.sh`, `integrity-check.sh`, `scan-skills.sh`) are designed to detect, prevent, or remediate security risks like prompt injection, data exfiltration, skill tampering, and misconfigurations. The `SKILL.md` and `assets/security-rules-template.md` explicitly define defensive measures for the AI agent. There is no evidence of intentional harmful behavior, data exfiltration, malicious execution, or persistence mechanisms within the provided files; all actions are aligned with the stated purpose of enhancing security.

Capability Assessment

✓ Purpose & Capability

Name/description match delivered artifacts: scripts for scanning skills, auditing outbound patterns, integrity baselines, workspace hardening, and a pre-install guard are all appropriate for a 'security hardening' tool. No unrelated credentials, external services, or strange binaries are requested.

ℹ Instruction Scope

SKILL.md instructs the agent to run the provided scripts. The scripts intentionally read many files and directories (workspace files, skill files, config in $HOME, .git, .env, .ssh and common credential locations) so they can detect exposures — this is expected for this tool. Be aware these scans require file-system access and will enumerate/inspect potentially sensitive files; the scripts do not attempt to transmit data externally (they flag outbound patterns instead).

✓ Install Mechanism

Instruction-only + bundled shell scripts; there is no remote download/install step, no package registries, and no URL-based extract operations. Risk from install mechanism is low — the tool writes files into $HOME/.openclaw/security (baseline, whitelist), which is expected for a local security tool.

ℹ Credentials

No environment variables or credentials are requested. Scripts reference HOME and common system tools (shasum, realpath, grep, git, python3 optional) and standard paths (~/.openclaw, workspace paths, ~/.ssh, ~/.aws). This is proportionate to the stated purpose, but the user should note the tool will read many sensitive locations to detect issues.

✓ Persistence & Privilege

The skill is not 'always:true' and does not request elevated platform privileges. It does create/modify local state under $HOME/.openclaw/security (hash baseline, whitelist) and may write fixes when run with --fix; that behavior is expected for a hardening tool. Review and consent to these local writes before running.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install openclaw-security-hardening
After installation, invoke the skill by name or use /openclaw-security-hardening
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.1.0

Removed all workspace-specific references. Clean generic skill for any OpenClaw install.

v1.0.1

Remove workspace-specific path references

v1.0.0

Initial release: skill scanner, integrity checker, outbound auditor, workspace hardening, install guard, security rules template

Metadata

Slug openclaw-security-hardening

Version 1.1.0

License —

All-time Installs 1

Active Installs 1

Total Versions 3

Frequently Asked Questions

What is OpenClaw Security Hardening?

Protect OpenClaw installations from prompt injection, data exfiltration, malicious skills, and workspace tampering. It is an AI Agent Skill for Claude Code / OpenClaw, with 2282 downloads so far.

How do I install OpenClaw Security Hardening?

Run "/install openclaw-security-hardening" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is OpenClaw Security Hardening free?

Yes, OpenClaw Security Hardening is completely free (open-source). You can download, install and use it at no cost.

Which platforms does OpenClaw Security Hardening support?

OpenClaw Security Hardening is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created OpenClaw Security Hardening?

It is built and maintained by kylejfrost (@kylejfrost); the current version is v1.1.0.

More Skills