openclaw-hardening

Audit and harden an OpenClaw installation for common security misconfigurations. Covers non-loopback binding, exposed gateway listeners, root or Administrator execution, missing authentication, overly permissive tool policies, open DM access, plaintext API keys, and insecure file permissions. Use this skill whenever the user asks to secure OpenClaw, review a first-time setup, check whether a config is safe, audit local exposure, fix risky defaults before installing more skills, or asks "is my openclaw setup safe", "openclaw config audit", or "harden openclaw". Proactively offer to run this audit whenever the user mentions setting up or reconfiguring OpenClaw.

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/billyhetech/openclaw-hardening-v1
OpenClaw Hardening

Audit the local OpenClaw setup without making assumptions about the host OS.

Guiding Principles

Before suggesting or applying any change, explain the risk in plain terms — users can only make informed decisions when they understand what they're accepting. Changes to files, permissions, users, or startup commands require explicit user confirmation, because an agent that acts without consent removes the user's ability to course-correct.

Use only local inspection. External network scans are out of scope for a local hardening audit and can create a false sense of security by checking reachability rather than configuration intent.

When config, process state, or permissions cannot be verified, report Unable to verify rather than assuming the best case. A silent false OK is worse than an honest unknown.

Remind the user to restart OpenClaw after any accepted config change, since OpenClaw reads config at startup and changes don't take effect until then.

Audit Workflow

1. Detect the operating environment

Identify the platform before choosing commands.

  • On Linux or macOS, prefer native shell tools such as id, ps, ss, netstat, stat, and ls.
  • On Windows, prefer PowerShell equivalents such as whoami, Get-Process, Get-NetTCPConnection, Get-Acl, and Select-String.

If a command is unavailable, switch to an equivalent rather than failing the whole audit.

2. Inspect configuration sources in precedence order

Inspect the most specific local source you can verify:

  1. Running process arguments, if an OpenClaw process is already running
  2. Environment variables already set in the current session
  3. Local config files

Check common config locations:

  • ./openclaw.json
  • ~/.openclaw/config.json
  • %USERPROFILE%\.openclaw\config.json

Prefer the value actually in effect. If multiple sources disagree, report the highest-precedence value and note the lower-precedence values as context.

3. Audit bind address

Determine the effective bind or host value for the gateway.

  • Treat 127.0.0.1, localhost, ::1, and loopback as secure local-only bindings.
  • Treat 0.0.0.0, ::, or a concrete LAN/public IP as exposed unless the user explicitly wants remote access.
  • If no bind value is set, report Secure by default if you have high confidence in the current OpenClaw version's defaults, or Unable to verify version-specific default otherwise.

If the bind address is exposed, explain that any listener on a non-loopback interface may be reachable by other devices on the network. Offer to change it to a loopback value after user confirmation.
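An added example, not part of the skill itself: one way to combine the precedence rule from step 2 with the bind classification from step 3. The source names (process_args, environment, config_file) and the verdict strings are assumptions made for this sketch, and the values are taken as already extracted from each source, because the page does not give OpenClaw's config key names.

```python
import ipaddress

# Precedence order from step 2, highest first.
PRECEDENCE = ("process_args", "environment", "config_file")

def classify_bind(value):
    """Map one bind/host value to an audit verdict per step 3."""
    if value is None or not str(value).strip():
        # The script cannot know the installed version's default.
        return "Unable to verify version-specific default"
    host = str(value).strip().lower().strip("[]")
    if host in ("localhost", "loopback"):
        return "Secure"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Assumption: other hostnames are not resolved (local inspection only).
        return "Unable to verify"
    return "Secure" if addr.is_loopback else "Exposed"

def effective_bind(sources):
    """Pick the highest-precedence value; keep disagreeing lower ones as context."""
    found = [(n, sources[n]) for n in PRECEDENCE if sources.get(n)]
    if not found:
        return {"source": None, "value": None,
                "verdict": classify_bind(None), "context": []}
    (name, value), lower = found[0], found[1:]
    return {"source": name, "value": value, "verdict": classify_bind(value),
            "context": [f"{n}={v} ({classify_bind(v)})"
                        for n, v in lower if v != value]}

if __name__ == "__main__":
    # Constructed sample: values already extracted from each source by hand.
    sample = {"process_args": "0.0.0.0", "environment": None,
              "config_file": "127.0.0.1"}
    print(effective_bind(sample))
```

In the constructed sample the running process overrides a loopback value in the config file, so the report is Exposed with the config file value listed as context.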

4. Audit gateway port exposure

Determine the effective gateway port.

  • Treat 18789 as the current default when no override is configured.
  • Do not assume older web-app ports such as 3000, 3001, or 8080 unless the local config or running process actually uses them.

Metadata

Stars: 4473
Views: 0
Updated: 2026-05-01

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-billyhetech-openclaw-hardening-v1": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Safety Note: ClawKit audits metadata but not runtime behavior. Use with caution.