OpenClaw Security Configurator

为OpenClaw提供企业级安全配置和监控功能，解决高系统权限带来的安全风险，符合金融合规要求。

What to consider before installing: - Source/trust: The package owner and homepage are not authoritative (unknown). Verify the release tarball URL and repository (the docs mention GitHub) and confirm the code provenance before running on production systems. - Review scripts before running: The shipped scripts read system logs, config files (e.g., /etc/openclaw/*, ~/.openclaw/*, /var/log/*) and environment variables and will write reports/logs under ~/.openclaw/security and /tmp or /var/log. Make sure you are comfortable with that access and with where logs/reports will be stored. - Sensitive data exposure: The security-check script detects environment keys (OPENAI_API_KEY, ANTHROPIC_API_KEY, etc.) and prints masked values to stdout and to generated reports. If you run the script unattended, these outputs may be captured in logs; remove or protect sensitive env vars or run in a controlled environment. - Alert channels are optional but can exfiltrate alerts externally: Webhook/email alerting only occurs if you configure WEBHOOK_URL or EMAIL settings, but if you do, verify the destination and secret handling. The code uses curl to POST webhook payloads from the configured URL. - Installation implications: Installing as a systemd service (as suggested) requires root/sudo and will run continuously; test the scripts in a sandbox first. The provided systemd system/service templates embed the current working directory — if you enable the service, confirm ExecStart points to the correct, trusted path. - Marketing vs implementation: The README/Differentiation claim Alipay/payment integration, AI-model routing and other premium features that are not present in the provided scripts. Treat those as roadmap/marketing rather than implemented behavior. - Operational settings: Check default thresholds (ALERT_THRESHOLD, DAILY_LIMIT, CHECK_INTERVAL) and log retention to avoid excessive logging and ensure the monitor does not flood your system. - Recommended steps: (1) inspect the code yourself or have a trusted admin do so, (2) run scripts in a non-production/test environment first, (3) back up current OpenClaw configs, (4) do not enable the systemd service until satisfied with behavior, and (5) if you need production-grade financial compliance, validate the tool against your compliance requirements and vendor/source identity. Confidence note: The files and behavior are coherent with the stated purpose, but because the package owner/homepage are not authoritative and some marketing claims are unimplemented, I rate confidence as medium. Additional assurance would come from a verified repository, signed releases, or an author identity with a track record.

Type: OpenClaw Skill Name: openclaw-security-skill Version: 1.0.1 The bundle provides legitimate security auditing and token monitoring utilities for the OpenClaw platform. The scripts (security-check.sh and token-monitor.sh) perform standard system administration tasks such as checking file permissions, monitoring service status via systemctl/journalctl, and analyzing logs for usage patterns. While the tool accesses sensitive configuration files and environment variables to verify security posture, it includes logic to mask API keys in its output and lacks any evidence of data exfiltration, unauthorized persistence, or malicious prompt injection.