laurentaia

AI Shield — OpenClaw Security Audit

by Laurent | AI · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Downloads: 844 · Stars: 0 · Active Installs: 2 · Versions: 1
Install in OpenClaw
/install ai-shield-audit
Description
Security audit engine for OpenClaw configurations. Detects vulnerabilities, misconfigurations, secret leaks, and over-privileged agents. Use when the user as...
README (SKILL.md)

OpenClaw Shield — Security Audit

Audit any OpenClaw config for security vulnerabilities, misconfigurations, and best-practice violations. Produces a structured JSON report with risk scores, findings, and remediation steps.

When to Use

  • User asks to check/audit/review their OpenClaw security
  • User wants to harden their config before deploying
  • User is setting up a new OpenClaw instance
  • User asks about secret leakage or API key exposure in their config
  • Before publishing or sharing any config file

Quick Audit (live config)

node scripts/shield-audit.sh

Or directly:

node SKILL_DIR/bin/shield.js audit ~/.openclaw/openclaw.json --summary

What It Checks (11 categories)

  1. Gateway Auth — missing/weak auth, insecure UI settings
  2. Network Exposure — bind address, Tailscale funnel, wildcard proxies
  3. Channel Security — wildcard allowFrom, missing allowlists
  4. DM Policy — open DM policy without pairing
  5. Subagent Permissions — wildcard allowAgents, circular delegation chains, self-delegation
  6. Tool Permissions — over-privileged agents with tools.profile: "full"
  7. Secret Leakage — API keys, tokens, private keys in plaintext config
  8. Sandbox/Execution — missing workspace isolation, no execution policies
  9. Plugin Config — enabled plugins without channel config
  10. Heartbeat Exposure — sensitive data in heartbeat prompts
  11. Remote Config — unencrypted WebSocket, exposed remote URLs/tokens
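
As an added illustration of check 5 (wildcard allowAgents, circular delegation chains, self-delegation), the sketch below runs those three checks over a constructed config. It is not the skill's own code, and the config shape it reads (`agents[].id`, `agents[].subagents.allowAgents`) and the `auditDelegation` name are assumptions; the real OpenClaw schema may differ.

```javascript
// Added example, not taken from the skill. The config shape used here
// (agents[].id, agents[].subagents.allowAgents) is an assumed schema.
const sampleConfig = { // constructed sample input
  agents: [
    { id: 'planner',  subagents: { allowAgents: ['coder'] } },
    { id: 'coder',    subagents: { allowAgents: ['reviewer'] } },
    { id: 'reviewer', subagents: { allowAgents: ['planner'] } }, // closes a cycle
    { id: 'ops',      subagents: { allowAgents: ['*'] } },       // wildcard
    { id: 'notes',    subagents: { allowAgents: ['notes'] } },   // self-delegation
    { id: 'search' },                                            // delegates to nobody
  ],
};

function auditDelegation(config) {
  const findings = [];
  const graph = new Map(); // agent id -> ids it may delegate to
  for (const agent of config.agents || []) {
    const allowed = (agent.subagents && agent.subagents.allowAgents) || [];
    if (allowed.includes('*')) findings.push({ type: 'wildcard', agent: agent.id });
    if (allowed.includes(agent.id)) findings.push({ type: 'self-delegation', agent: agent.id });
    // Wildcards and self-edges are reported above; keep them out of the cycle search.
    graph.set(agent.id, allowed.filter((t) => t !== '*' && t !== agent.id));
  }
  // Depth-first search: reaching an agent that is still on the stack is a back edge.
  const state = new Map(); // absent = unvisited, 1 = on stack, 2 = finished
  const stack = [];
  const visit = (id) => {
    state.set(id, 1);
    stack.push(id);
    for (const next of graph.get(id) || []) {
      if (state.get(next) === 1) {
        findings.push({ type: 'cycle', chain: [...stack.slice(stack.indexOf(next)), next] });
      } else if (!state.has(next) && graph.has(next)) {
        visit(next);
      }
    }
    stack.pop();
    state.set(id, 2);
  };
  for (const id of graph.keys()) if (!state.has(id)) visit(id);
  return findings;
}

console.log(JSON.stringify(auditDelegation(sampleConfig), null, 2));
```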

Usage

Audit a config file

node SKILL_DIR/bin/shield.js audit <config.json>
node SKILL_DIR/bin/shield.js audit <config.json> --summary   # human-readable

Audit from stdin

cat config.json | node SKILL_DIR/bin/shield.js audit --stdin

Sanitize a config (strip secrets)

node SKILL_DIR/bin/shield.js sanitize <config.json>

Programmatic use

const { auditConfig } = require('SKILL_DIR/src/audit');
const config = require('./openclaw.json');
const report = auditConfig(config);
console.log(report.risk_level);      // "CRITICAL" | "HIGH" | "MEDIUM" | "LOW"
console.log(report.overall_score);   // 0-100
console.log(report.vulnerabilities); // detailed findings

Output

Returns JSON with: risk_level, overall_score (0-100), vulnerabilities[], vulnerability_count, best_practices_compliance, action_recommended, safe_to_deploy, audit_timestamp.

Workflow for Agent

  1. Load the user's config: cat ~/.openclaw/openclaw.json
  2. Run: node SKILL_DIR/bin/shield.js audit ~/.openclaw/openclaw.json --summary
  3. Present findings to user with prioritized recommendations
  4. Offer to sanitize before sharing: node SKILL_DIR/bin/shield.js sanitize <file>
Usage Guidance
This skill appears to do what it says: it analyzes and sanitizes local OpenClaw configuration files. Before installing, consider: (1) the tool will read files in your home directory (e.g., ~/.openclaw/openclaw.json) and any config you feed it — these often contain secrets, which the sanitizer attempts to redact but you should still review outputs before sharing; (2) the --live audit tries to run the local 'openclaw' CLI to fetch config — ensure that binary is trusted on your system; (3) the README mentions an optional paid remote audit service (ACP) — the included code does not perform remote uploads, but be cautious if the skill is extended or you opt into any remote/premium feature; (4) source and provenance are unknown in the registry metadata — if you require higher assurance, review the included JS files locally or run the audit in an isolated environment. Overall the package is coherent and appropriate for its stated purpose.
Capability Analysis
Type: OpenClaw Skill
Name: ai-shield-audit
Version: 1.0.0
The skill is designed to perform security audits of OpenClaw configurations, which inherently involves accessing sensitive data. The `SKILL.md` explicitly instructs the AI agent to `cat ~/.openclaw/openclaw.json`, and `bin/shield.js` uses `execSync('openclaw config.get')` to retrieve live configuration, both of which are high-privilege actions that handle potentially sensitive information (API keys, tokens, etc.). While the stated purpose is beneficial (auditing for secret leaks and vulnerabilities) and a `sanitize` function is provided, the direct instruction to access sensitive files and the use of `execSync` for configuration retrieval, without clear evidence of exfiltration, classify it as suspicious due to the inherent risks associated with such powerful capabilities.
Capability Assessment
Purpose & Capability
Name/description (security audit) match the code and instructions: the CLI and library analyze an OpenClaw JSON, produce a risk report, and can sanitize secrets. The only minor mismatch is the implicit reliance on a local 'openclaw' CLI when using --live (execSync('openclaw config.get')), which is reasonable for a live-audit feature but not declared in SKILL.md's requirements.
Instruction Scope
SKILL.md instructs the agent to read the user's OpenClaw config (file or stdin) and run the included audit/sanitize tools. The runtime instructions and code consistently operate on local files and stdin; they do not instruct the agent to read unrelated system paths or to exfiltrate data to external endpoints. Reading the user's config (which may contain secrets) is expected for an audit tool.
Install Mechanism
No install spec is provided (instruction-only install), and the packaged files are pure Node.js scripts. Nothing is downloaded or extracted at install time. This is a low-risk install model consistent with the skill's stated function.
Credentials
The skill declares no required environment variables or credentials and the code does not expect any hidden tokens. The sanitizer contains many regexes to detect common secret formats (AWS, GitHub, private keys, etc.), which is appropriate for a sanitizer/audit tool. There are no unrelated credential requests.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It can be invoked autonomously (disable-model-invocation:false) which is the platform default; this combined with the skill's limited scope is not excessive.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install ai-shield-audit
  3. After installation, invoke the skill by name or use /ai-shield-audit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: 11 vulnerability categories, CLI + library, auto-fix suggestions. Detects secret leakage, gateway misconfig, subagent permission escalation, channel security gaps.
Metadata
Slug ai-shield-audit
Version 1.0.0
License
All-time Installs 2
Active Installs 2
Total Versions 1
Frequently Asked Questions

What is AI Shield — OpenClaw Security Audit?

Security audit engine for OpenClaw configurations. Detects vulnerabilities, misconfigurations, secret leaks, and over-privileged agents. Use when the user as... It is an AI Agent Skill for Claude Code / OpenClaw, with 844 downloads so far.

How do I install AI Shield — OpenClaw Security Audit?

Run "/install ai-shield-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is AI Shield — OpenClaw Security Audit free?

Yes, AI Shield — OpenClaw Security Audit is completely free (open-source). You can download, install and use it at no cost.

Which platforms does AI Shield — OpenClaw Security Audit support?

AI Shield — OpenClaw Security Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created AI Shield — OpenClaw Security Audit?

It is built and maintained by Laurent | AI (@laurentaia); the current version is v1.0.0.
