← Back to Skills Marketplace
2482
Downloads
1
Stars
5
Active Installs
3
Versions
Install in OpenClaw
/install openclaw-hardener
Description
Harden OpenClaw (workspace + ~/.openclaw): run openclaw security audit, catch prompt-injection/exfil risks, scan for secrets, and apply safe fixes (chmod/exec-bit cleanup). Includes optional config.patch planning to reduce attack surface.
Usage Guidance
This skill appears to be what it claims, but it can modify your repository and gateway config. Before using it: 1) Run in 'check' mode only first and review all findings. 2) When it prints a config.patch, manually inspect the patch JSON before running 'apply-config'. 3) Back up your repo and ~/.openclaw (or use a disposable environment) before running 'fix' or 'apply-config'. 4) Ensure the OpenClaw CLI on your system is authentic and that you understand which gateway/account the CLI will affect. 5) Optionally review scripts/hardener.py yourself (it includes redaction logic but no guarantees). If you do not trust the skill's source, avoid running fix/apply actions and stick to read-only checks.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-hardener
Version: 0.1.2
The OpenClaw Hardener skill is classified as benign. Its stated purpose is to enhance the security posture of an OpenClaw installation, which is directly supported by its functionality. While the skill utilizes high-risk capabilities such as broad filesystem read/write access within the repository and `~/.openclaw` directories, and executes subprocesses (`openclaw`, `bash`, `git`, `python3`), these are explicitly declared in `openclaw-skill.json` and are necessary for a security hardening tool. The `hardener.py` script demonstrates good security practices by redacting sensitive information from output, making fixes opt-in, and explicitly denying filesystem access to critical system paths like `/etc/**` and `/root/**`. There is no evidence of intentional malicious behavior, data exfiltration to unauthorized endpoints, or prompt injection attempts against the agent.
Capability Assessment
Purpose & Capability
The name/description match the actual behavior: the script scans the workspace and ~/.openclaw, runs the OpenClaw CLI audit, and can produce/apply config.patch plans. Declared filesystem and subprocess permissions (read/write <repo>/** and ~/.openclaw/**; allow openclaw, git, bash, python3, etc.) are consistent with these tasks. Note: write access to the repo and ~/.openclaw is powerful but is needed to implement fixes and to store/adjust local config.
Instruction Scope
SKILL.md requires running scripts/hardener.py with explicit 'check', 'fix', 'plan-config', and 'apply-config' modes. The script adheres to the stated 'default = check-only' rule and includes redaction logic. However 'plan-config' and especially 'apply-config' call the OpenClaw gateway (config.get / gateway call) and can change runtime policy; those steps are high-impact and must be reviewed by the user before applying. The script reads many repo files (including .env and config) — redaction is implemented but review is advised.
Install Mechanism
There is no installer; it's an instruction-only skill with a bundled Python script. Nothing is downloaded or extracted from remote URLs during install, which minimizes install-time risk.
Credentials
The skill does not request environment variables or external credentials explicitly. It relies on local OpenClaw CLI and repo access, which is proportionate. Be aware that gateway CLI calls will use whatever OpenClaw credentials/config are already present — the skill can therefore affect systems accessible via your CLI auth without requesting new secrets.
Persistence & Privilege
always:false (normal). The skill is allowed to write to <repo>/** and ~/.openclaw/** and can apply gateway patches — these are legitimate for a hardener but are impactful. The skill does not modify other skills' configs, but because it can change gateway configuration and repository files, you should treat apply/fix operations as privileged actions and explicitly review them.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-hardener - After installation, invoke the skill by name or use
/openclaw-hardener - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.2
Improve description/summary for discoverability
v0.1.1
Add discovery tags + bump version
v0.1.0
Initial release: OpenClaw audit + workspace hygiene + config patch planning
Metadata
Frequently Asked Questions
What is OpenClaw Hardener?
Harden OpenClaw (workspace + ~/.openclaw): run openclaw security audit, catch prompt-injection/exfil risks, scan for secrets, and apply safe fixes (chmod/exec-bit cleanup). Includes optional config.patch planning to reduce attack surface. It is an AI Agent Skill for Claude Code / OpenClaw, with 2482 downloads so far.
How do I install OpenClaw Hardener?
Run "/install openclaw-hardener" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OpenClaw Hardener free?
Yes, OpenClaw Hardener is completely free (open-source). You can download, install and use it at no cost.
Which platforms does OpenClaw Hardener support?
OpenClaw Hardener is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created OpenClaw Hardener?
It is built and maintained by virtaava (@virtaava); the current version is v0.1.2.
More Skills