Stiff-Sec — OpenClaw Security Hardener

Audit and securely harden OpenClaw setups by enforcing strict permissions, disabling elevated access, fixing proxy warnings, and backing up configs automatic...

This skill will modify your ~/.openclaw/openclaw.json when you run 'apply' (it creates a backup first). However, several claimed safeguards are missing or broken: the tool advertises writing a SHA‑256 to .stiffened for tamper detection but stiffen.py only writes a human-readable .stiffened without any hash, so verify-checking will report 'No SHA-256 found'. The code also does not actually change filesystem permissions despite claiming to do so, and it may not set some fields the README promises. Before running 'apply': (1) manually inspect the two scripts (already included) and confirm the exact mutations; (2) copy a separate manual backup of ~/.openclaw/openclaw.json to an external safe location; (3) run 'audit' first to see findings and note that audit prints secret previews to stdout (avoid running in a place where logs are exposed); (4) consider running stiffen.py in a sandbox or test environment to observe behavior and validate restore works. If you plan to trust this skill long-term, ask the maintainer to fix the inconsistencies (compute and store SHA‑256 in .stiffened, implement permission tightening, and ensure paths used for .stiffened are predictable).

Type: OpenClaw Skill Name: stiff-sec Version: 1.0.0 The Stiff-Sec skill is a security hardening utility designed to audit and secure OpenClaw configurations. The scripts (audit.py and stiffen.py) perform legitimate security tasks such as scanning for plaintext credentials, verifying configuration integrity via SHA-256 checksums, and applying restrictive settings (e.g., disabling elevated tool permissions and locking trusted proxies to localhost). The tool includes a mandatory backup and restore mechanism ('Sienna's Protocol') and shows no signs of data exfiltration, unauthorized execution, or malicious intent.