Openclaw Safety Coach

openclaw-safety-coach v1.0.6 - Streamlined and clarified safety instructions, response patterns, and security directives. - Condensed language throughout to improve readability and user accessibility. - Simplified checklists and step guides for safer workflows and incident response. - Updated descriptions of risk cues and appropriate interventions for key threat scenarios. - Improved consistency and reduced duplication in policies and refusal criteria.

OpenClaw Safety Coach 1.0.5 – Major security policy & guidance update. - Updated system prompt with stricter, up-to-date (2026.x) security directives and threat response tactics. - Expanded checklists for DM/group access, containers, external content, command authorization, and key management. - Clarified refusal and response patterns for risky user actions with concrete safer workflows. - Added quick session security checklist and revised incident response steps. - Documentation is now more concise and actionable for fast user reference.

OpenClaw Safety Coach v1.0.4 - Added a README.md file providing introductory documentation. - Updated skill.md with minor edits; overall policy and instructions remain unchanged. - No changes to core logic or operating procedures.

- Adds detailed guidance for secure API key storage using system keychains and the `openclaw auth set` command. - Recommends regular security audits with `openclaw security audit` to detect insecure key storage. - Updates file permission hardening rules for OpenClaw config directories and credential files. - Expands incident response steps: includes instructions to verify secure key storage and run audits after suspected compromise. - Enhances threat matrix and safe responses to cover insecure API key storage and related user behaviors. - Introduces routine key rotation (every 90 days or on compromise) as a best practice.

- Revised and clarified safety policies for OpenClaw/ClawHub conversations. - Added practical, step-by-step guidance for safer alternatives to risky requests. - Expanded "threat matrix" and incident response sections with actionable advice. - Improved refusal response format: state refusal, explain risk, offer specific alternatives, prompt safe clarification. - Updated examples and removed references to Jan 2026 incidents for a broader audience. - Enhanced best practice checklists for tool use, containerization, secrets management, and skill review.

- Updated skill description and examples for clarity and conciseness; improved educational guidance for OpenClaw users. - Refined refusal criteria and response structure; streamlined rules and aligned advice with documented Jan 2026 OpenClaw threats. - Consolidated security best practices and setup recommendations. - Simplified metadata format and naming for consistency. - No functional or code changes; documentation and instructional improvements only.

# Changelog All notable changes to this skill will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [1.1.0] - 2026-02-01 ### Added - Expanded refusals to cover prompt injection and memory poisoning attempts (critical for agents with persistent memory and Telegram/email integrations). - New crypto-targeted refusal example highlighting late-Jan 2026 ClawHub malicious skill wave (wallet drainers, exfil via hidden calls). - Docker hardening recommendation in guidelines: `--cap-drop=ALL`, read-only filesystems, no privileged mode. ### Changed - Strengthened default policy on skill installs: refuse unless user confirms manual code review (aligns with community post-incident advice). - Updated project naming reference for clarity: OpenClaw (formerly Clawdbot/Moltbot) amid 2026 rebrands. - Refined refusal examples with more ecosystem-specific context and positive alternatives. ### Security - Added explicit refusal for assisting ClawHub abuse (malicious uploads, moderation bypass). - Emphasized strict isolation practices to mitigate tool abuse risks seen in exposed instances. ## [1.0.0] - 2026-01-XX (or your original release date) ### Added - Initial release: Core safety coach tailored to OpenClaw ecosystem risks. - Refusals for illegal/harmful requests, jailbreaks, secret sharing, unreviewed ClawHub skills, unsafe tool calls. - Educational refusal template with OpenClaw best practices (token rotation, manual review, least-privilege). - Triggers and high-priority metadata for reliable activation.