openclaw-action
GitHub Action for automated security scanning of agent workspaces. Detects exposed secrets, prompt/shell injection, and data exfiltration patterns in PRs and commits.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/atlaspa/openclaw-action
What This Skill Does
The openclaw-action is a specialized GitHub Action designed to bolster the security posture of AI agent workspaces. It acts as a continuous security guard that monitors every pull request and commit, specifically auditing your skill code for vulnerabilities before they reach production. It excels at identifying sensitive information exposure (such as API keys or hardcoded passwords), malicious prompt injection attempts, and suspicious outbound network traffic patterns that could signal data exfiltration. By integrating this into your CI/CD pipeline, you ensure that your OpenClaw agent skills adhere to strict security best practices.
Installation
To integrate this security layer, first ensure your repository is initialized within an OpenClaw environment. Use the terminal command clawhub install openclaw/skills/skills/atlaspa/openclaw-action to pull the necessary modules. Once installed, create or update your GitHub Actions workflow configuration file located at .github/workflows/security.yml. Add the AtlasPA/openclaw-action@v1 step within your CI job. Configure the input parameters to define your workspace path and dictate whether the pipeline should fail upon finding high-risk vulnerabilities. This modular setup allows you to tailor the strictness of the scan based on your development branch policies.
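A workflow matching the steps above, as an added example that is not the project's own configuration. The `scan-secrets` and `scan-injection` input names come from this page; `workspace`, `fail-on-findings`, the boolean values and the `main` branch are assumptions to check against the action's documentation.

```yaml
# .github/workflows/security.yml
# Added example, not taken from the openclaw-action project.
name: security

on:
  pull_request:
  push:
    branches: [main]   # assumption: "main" is the protected branch

# Assumption: the scan only needs to read the repository, so the job
# token is restricted to read-only access.
permissions:
  contents: read

jobs:
  openclaw-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Check out the code to be scanned
        uses: actions/checkout@v4
        with:
          persist-credentials: false   # do not leave the token in .git/config

      - name: Scan agent workspace
        uses: AtlasPA/openclaw-action@v1
        with:
          # Input names mentioned on this page; the boolean form is assumed.
          scan-secrets: true
          scan-injection: true
          # Hypothetical input names: the page says a workspace path and a
          # fail-on-findings switch exist but does not name them.
          workspace: .
          fail-on-findings: true
```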
Use Cases
This tool is critical for teams building autonomous agents that handle sensitive data or interact with external APIs. Use it to prevent developers from accidentally committing credentials to public or shared repositories. It is also an essential safety gate when collaborating in open-source projects where contributors might inadvertently introduce prompt injection vectors. Furthermore, if your agents utilize third-party libraries, this action helps detect anomalous egress patterns that might indicate compromised dependencies or unauthorized data transmission.
Example Prompts
- "OpenClaw, verify my latest PR for security vulnerabilities using the openclaw-action and show me a breakdown of any detected secrets."
- "Please audit the agent workspace and summarize the scan results from the recent security check, specifically focusing on any egress flags."
- "Can you explain why the security scan failed in my build and identify the exact lines of code that triggered the prompt injection warning?"
Tips & Limitations
To get the most out of this tool, run it on every pull request to catch issues early in the development lifecycle. Note that while this action is highly effective at identification and alerting, it does not perform automated remediation. You must manually address the flagged lines. Additionally, ensure your scan-secrets and scan-injection settings are enabled for maximum coverage, as these are the most common vectors for agent compromise. Remember that the action is a static analysis tool; it does not replace the need for deep architecture reviews or periodic penetration testing of your underlying agent infrastructure.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-atlaspa-openclaw-action": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags (AI)
Flags: file-read
Related Skills
openclaw-egress
Skill by atlaspa
cost-governor
Skill by atlaspa
openclaw-vault
Skill by atlaspa
openclaw-security
Unified security suite for agent workspaces. Installs, configures, and orchestrates all 11 OpenClaw security tools in one command — integrity, secrets, permissions, network, audit trail, signing, supply chain, credentials, injection defense, compliance, and incident response.
openclaw-warden
Skill by atlaspa