security-guardian
Automated security auditing for OpenClaw projects. Scans for hardcoded secrets (API keys, tokens) and container vulnerabilities (CVEs) using Trivy. Provides structured reports to help maintain a clean and secure codebase.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/1999azzar/security-guardian
What This Skill Does
The Security Guardian skill acts as an automated security auditor for OpenClaw projects. It covers two areas of software safety: credential hygiene and container vulnerability management. On the credential side it scans your codebase for hardcoded secrets such as API keys and OAuth tokens so they can be caught before they are committed or baked into a deployment. On the container side it drives Trivy to inspect Docker images for known CVEs, an essential layer of defence for containerized environments. For each finding it produces an actionable report and assists with remediation by recommending that the sensitive value be moved into a secure vault such as mema-vault and referenced from the code through an environment variable instead.
Installation
To install this skill, ensure that you have access to the OpenClaw environment and use the following command in your terminal:
clawhub install openclaw/skills/skills/1999azzar/security-guardian
Note: the container vulnerability scan shells out to Trivy, so the trivy binary must be installed and on PATH on the host where the skill's shell scripts run; without it that part of the audit fails.
Use Cases
- Pre-Commit Auditing: Scan your local workspace before pushing code to identify accidental hardcoded keys.
- CI/CD Pipeline Security: Integrate the scanning scripts into your deployment flow to verify that container images meet organizational security standards.
- Legacy Codebase Cleanup: Use the tool to perform a deep sweep of an imported repository to find and vault long-forgotten secrets.
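The following script is an added example of the two checks described above (secret-pattern sweep of a workspace, Trivy gate on an image) wired so that a pre-commit hook or CI job can fail on findings. It is not the skill's own code: the function names, the exclusion list and the regular-expression patterns are assumptions chosen to be representative (AWS access key IDs, GitHub personal access tokens, Slack tokens, PEM private-key headers and quoted `key = "..."` assignments). The Trivy flags used (`--severity`, `--exit-code`, `--ignore-unfixed`) are real Trivy options.

```shell
#!/usr/bin/env sh
# Added example, not the skill's own scripts: a minimal secret-and-container gate
# that can run from a pre-commit hook or a CI job. It exits non-zero when it
# finds a hardcoded credential or a CVE at/above the chosen severity.

# Assumed, representative patterns: AWS access key IDs, GitHub PATs, Slack
# tokens, PEM private-key headers and quoted "key = '...'" assignments.
# Extend this list for the providers your project actually uses.
SECRET_PATTERNS="AKIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{36}|xox[baprs]-[0-9A-Za-z-]{10,}|-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----|(api_key|API_KEY|apiKey|secret_key|SECRET_KEY|token|TOKEN|password|PASSWORD)[[:space:]]*[:=][[:space:]]*[\"'][^\"']{8,}[\"']"

# scan_secrets DIR: print file:line:content for every match; return 1 if any.
# Skipping .git, node_modules and build keeps the sweep on project sources
# (git history itself is not covered by a working-tree scan).
scan_secrets() {
    hits=$(grep -rEIn --exclude-dir=.git --exclude-dir=node_modules \
                --exclude-dir=build -- "$SECRET_PATTERNS" "$1" 2>/dev/null || true)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# count_secrets DIR: number of matching lines, handy for a summary report.
count_secrets() {
    scan_secrets "$1" | wc -l | tr -d ' '
}

# scan_image IMAGE [SEVERITIES]: run Trivy and fail on findings at the given
# severities. Needs the trivy binary on PATH and either network access or a
# pre-populated vulnerability DB cache.
scan_image() {
    if ! command -v trivy >/dev/null 2>&1; then
        echo "trivy not found on PATH; install it before running the container scan" >&2
        return 2
    fi
    # --exit-code 1 makes trivy return non-zero when matching CVEs exist;
    # --ignore-unfixed keeps the gate actionable by dropping CVEs with no fix yet.
    trivy image --severity "${2:-HIGH,CRITICAL}" --exit-code 1 --ignore-unfixed "$1"
}

# Gate mode: sh guardian-gate.sh <project-dir> [image:tag]
if [ $# -ge 1 ]; then
    status=0
    scan_secrets "$1" || status=1
    if [ -n "${2:-}" ]; then
        scan_image "$2" || status=1
    fi
    exit "$status"
fi
```

Run it as `sh guardian-gate.sh . web-app-v2:latest` from a pre-commit hook or a pipeline step; a non-zero exit blocks the commit or deployment. The pattern list deliberately errs toward catching things, so expect some false positives (test fixtures, documentation examples) and review the report rather than failing blindly; a secret that is flagged should be rotated, since removing the line does not undo earlier commits.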
Example Prompts
- "Security Guardian, please scan my current project directory for any hardcoded secrets and give me a summary of where they are located."
- "I need to prepare for deployment. Can you run a container vulnerability scan on my latest image, web-app-v2:latest, and identify any critical CVEs?"
- "After scanning for secrets, please help me transition the found API keys to the mema-vault and replace them with environment variables."
Tips & Limitations
To get the most out of Security Guardian, point it at the project directories you actually care about so the scan does not traverse system files, vendored dependencies or build artifacts; that also cuts false positives from minified bundles and lockfiles. The secret scanner matches common patterns for API keys and tokens, so it will miss credentials in unusual formats and flag some strings that are not secrets; review the report rather than acting on it blindly. Treat it as a secondary line of defence: keep credential files out of the repository with .gitignore, block commits with a pre-commit hook, and rotate any key that has already been committed, because a scan of the working tree does not cover secrets that still sit in git history. The container scan depends on Trivy's vulnerability database, which Trivy refreshes from upstream at scan time unless run with --skip-db-update, so the scanning host needs network access or a pre-populated database cache, and the trivy binary itself should be kept reasonably current.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-1999azzar-security-guardian": {
"enabled": true,
"auto_update": true
}
}
}
Tags: AI
Flags: file-read, file-write, code-execution
Related Skills
newman
Automated API testing with Postman collections via Newman CLI. Use when user requests API testing, collection execution, automated testing, CI/CD integration, or mentions "Postman", "Newman", "API tests", "run collection", or "automated testing".
mema-vault
Secure credential manager using AES-256 (Fernet) encryption. Stores, retrieves, and rotates secrets using a mandatory Master Key. Use for managing API keys, database credentials, and other sensitive tokens.
ui-designer
Design beautiful interfaces using 16+ design systems including Material You, Fluent Design, Apple HIG, Ant Design, Carbon Design, Shopify Polaris, Minimalism, Glassmorphism, Neo-Brutalism, Neumorphism, Skeuomorphism, Claymorphism, Swiss Design, and Atlassian Design. Expert in Tailwind CSS, color harmonics, component theming, and accessibility (WCAG).
mermaid-architect
Generate beautiful, hand-drawn Mermaid diagrams with robust syntax (quoted labels, ELK layout). Use this skill when the user asks for "diagram", "flowchart", "sequence diagram", or "visualize this process".
guardian-wall
Mitigate prompt injection attacks, especially indirect ones from external web content or files. Use this skill when processing untrusted text from the internet, user-uploaded files, or any external source to sanitize content and detect malicious instructions (e.g., "ignore previous instructions", "system override").