Stiff-Sec — OpenClaw Security Hardener

by sf-dev-systems · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Downloads 98
Stars 0
Active Installs 0
Versions 1
Install in OpenClaw
/install stiff-sec
Description
Audit and securely harden OpenClaw setups by enforcing strict permissions, disabling elevated access, fixing proxy warnings, and backing up configs automatic...
Usage Guidance
This skill will modify your ~/.openclaw/openclaw.json when you run 'apply' (it creates a backup first). However, several claimed safeguards are missing or broken: the tool advertises writing a SHA-256 to .stiffened for tamper detection but stiffen.py only writes a human-readable .stiffened without any hash, so verify-checking will report 'No SHA-256 found'. The code also does not actually change filesystem permissions despite claiming to do so, and it may not set some fields the README promises.
Before running 'apply':
  1. Manually inspect the two scripts (already included) and confirm the exact mutations.
  2. Copy a separate manual backup of ~/.openclaw/openclaw.json to an external safe location.
  3. Run 'audit' first to see findings and note that audit prints secret previews to stdout (avoid running in a place where logs are exposed).
  4. Consider running stiffen.py in a sandbox or test environment to observe behavior and validate restore works.
If you plan to trust this skill long-term, ask the maintainer to fix the inconsistencies (compute and store SHA-256 in .stiffened, implement permission tightening, and ensure paths used for .stiffened are predictable).
Capability Analysis
Type: OpenClaw Skill
Name: stiff-sec
Version: 1.0.0
The Stiff-Sec skill is a security hardening utility designed to audit and secure OpenClaw configurations. The scripts (audit.py and stiffen.py) perform legitimate security tasks such as scanning for plaintext credentials, verifying configuration integrity via SHA-256 checksums, and applying restrictive settings (e.g., disabling elevated tool permissions and locking trusted proxies to localhost). The tool includes a mandatory backup and restore mechanism ('Sienna's Protocol') and shows no signs of data exfiltration, unauthorized execution, or malicious intent.
Capability Assessment
Purpose & Capability
The declared purpose (audit and harden OpenClaw configs) matches the files: both scripts operate on ~/.openclaw/openclaw.json and create backups. That capability is coherent with the name and description.
Instruction Scope
SKILL.md/README claim features that are not implemented or are implemented inconsistently: README and SKILL.md claim a SHA-256 tamper-detecting lockfile and detailed MEMORY.md logging, but scripts do not write a SHA-256 to .stiffened nor update MEMORY.md. SKILL.md says it will 'restrict file permissions to current user only' and set certain fields (dnsResultOrder, tools.exec.ask), but stiffen.py does not change file permissions or set exec.ask/dnsResultOrder. audit.py prints partial secret previews (reads plaintext values), which could leak sensitive substrings into logs; it only scans openclaw.json and does not exfiltrate, but the outputs reveal secrets to whoever runs it.
Install Mechanism
No install spec — instruction-only with bundled scripts. No network downloads or package installs are performed by the skill itself.
Credentials
No environment variables, credentials, or external endpoints are requested. The scripts only read/write files under ~/.openclaw and create a .stiffened lockfile in the current working directory.
Persistence & Privilege
The skill is not always-enabled and does not modify other skills or global agent settings. It does write backups to ~/.openclaw/backups and writes .stiffened in the current working directory; these are reasonable for a hardening tool but are persistent filesystem changes the user should expect.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install stiff-sec
  3. After installation, invoke the skill by name or use /stiff-sec
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of Stiff-Sec: a hardening and audit tool for OpenClaw setups.
  - Aggressively audits for common weaknesses (plaintext keys, file permissions, dangerous endpoints).
  - Harden routines auto-backup configuration and restrict file and network settings.
  - Every change is logged with undo instructions; simple restore command included.
  - Safe default policies—limits elevated tool use, locks down proxies, and marks secured state with a lockfile.
  - Easy CLI usage: audit risks, apply hardening, or restore backups with single commands.
Metadata
Slug stiff-sec
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Stiff-Sec — OpenClaw Security Hardener?

Audit and securely harden OpenClaw setups by enforcing strict permissions, disabling elevated access, fixing proxy warnings, and backing up configs automatic... It is an AI Agent Skill for Claude Code / OpenClaw, with 98 downloads so far.

How do I install Stiff-Sec — OpenClaw Security Hardener?

Run "/install stiff-sec" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Stiff-Sec — OpenClaw Security Hardener free?

Yes, Stiff-Sec — OpenClaw Security Hardener is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Stiff-Sec — OpenClaw Security Hardener support?

Stiff-Sec — OpenClaw Security Hardener is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Stiff-Sec — OpenClaw Security Hardener?

It is built and maintained by sf-dev-systems (@sf-dev-systems); the current version is v1.0.0.
