trent-openclaw-security
Audit your OpenClaw deployment for security risks using Trent AppSec Advisor
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/bristy/trent-openclaw-security
Trent OpenClaw Security Audit
Audit your OpenClaw deployment for security risks. Identifies misconfigurations, chained attack paths, and provides severity-rated findings with fixes.
Setup
All tools are bundled — no external installer needed.
Set the TRENT_API_KEY environment variable. Get a key at https://app.trent.ai
Instructions
This audit runs in three phases. Run them in order.
Phase 1 — Configuration Audit
Collect metadata and send to Trent for analysis:
from openclaw_trent.openclaw_config.collector import collect_openclaw_metadata
from openclaw_trent.lib.audit_prompt import build_audit_prompt
from openclaw_trent.lib import trent_client
metadata = collect_openclaw_metadata()
message = build_audit_prompt(metadata)
response = trent_client.chat(message=message)
Save response["thread_id"] for Phase 3.
Present findings grouped by severity (see "Present results" below).
Summarize: "Phase 1 complete. N findings from configuration analysis. Proceeding to upload skills for deeper analysis..."
Optional: specify a custom config path:
from pathlib import Path
metadata = collect_openclaw_metadata(openclaw_path=Path("/path/to/openclaw/config"))
Phase 2 — Skill Upload
Data Disclosure — present this to the user before proceeding:
This phase packages and uploads skill code to Trent for deep security analysis.
What is sent:
- Skill source code (with detected secrets automatically redacted)
- Skill metadata (name, version, dependencies)
What is NOT sent:
- Files with dangerous extensions (.env, .pem, .key, .db, .pyc) are excluded
- Known secret patterns (API keys, tokens, AWS keys, connection strings) are replaced with [REDACTED] before packaging
- Environment variables and non-skill workspace files are never included
Limitations: Pattern-based redaction may miss custom or obfuscated secrets. Best practice: do not hard-code secrets in skill files.
Wait for the user to confirm before running the upload.
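The limitation stated in the disclosure can be checked locally before confirming. The sketch below is an added example, not code from openclaw_trent: it applies the listed extension exclusions and a few assumed secret patterns, then flags long high-entropy strings that pattern redaction left in place. The pattern set, the entropy threshold, the function names and the sample files are all assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Extensions the disclosure above lists as excluded from packaging.
EXCLUDED_EXTENSIONS = (".env", ".pem", ".key", ".db", ".pyc")

# Assumed stand-ins for "known secret patterns"; the skill's real set is not on the page.
KNOWN_PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),  # AWS access key ID
    re.compile(r"(?i)\b(?:api[_-]?key|token)\b\s*[:=]\s*['\"][^'\"]+['\"]"),
    re.compile(r"[a-z][a-z0-9+]*://[^\s:/@'\"]+:[^\s@'\"]+@[^\s'\"]+"),  # URL with password
]
LONG_TOKEN = re.compile(r"[A-Za-z0-9+/_-]{20,}")

def is_excluded(filename):
    return filename.lower().endswith(EXCLUDED_EXTENSIONS)

def redact(text):
    for pattern in KNOWN_PATTERNS:
        text = pattern.sub("[REDACTED]", text)
    return text

def entropy(token):
    """Shannon entropy in bits per character."""
    counts = Counter(token)
    return -sum(n / len(token) * math.log2(n / len(token)) for n in counts.values())

def residual_suspects(text, threshold=4.0):
    """Long, high-entropy tokens that survive pattern redaction."""
    return [t for t in LONG_TOKEN.findall(redact(text)) if entropy(t) >= threshold]

def review(files):
    """Map each file name to 'excluded' or its list of surviving suspect tokens."""
    return {name: "excluded" if is_excluded(name) else residual_suspects(body)
            for name, body in files.items()}

# Constructed sample workspace; every value below is fake.
SAMPLE = {
    ".env": "TRENT_API_KEY=constructed-value",
    "skill.py": 'aws_id = "AKIAABCDEFGHIJKLMNOP"\n'
                'api_key = "constructed-not-a-real-key"\n'
                'signing_seed = "q7Zp2Lx9Vb4Tn8Rk1Wd6Hs3Jf5Gm0Yc"\n'
                'db = "postgres://app:hunter2@db.internal/app"\n',
}

if __name__ == "__main__":
    for name, result in review(SAMPLE).items():
        print(name, "->", result)
```

Entropy flagging also hits hashes and long generated identifiers, so treat each flagged token as something to review by hand rather than as a confirmed secret.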
Package skills (redaction happens automatically during packaging):
from openclaw_trent.lib.package_skills import scan_workspace
skills = scan_workspace()
Present what will be uploaded — for each skill show name, type, size, and
whether secrets were redacted (secrets_redacted field).
After user confirms, upload:
from openclaw_trent.lib.upload_skills import upload_packaged_skills
upload_summary = upload_packaged_skills(skills)
Present the upload summary:
- How many skills were uploaded, skipped (unchanged), failed, or too large
- List each skill by name and status
If all uploads failed, report the errors and stop. Otherwise proceed.
Summarize: "Phase 2 complete. N skills uploaded. Proceeding to deep skill analysis..."
Phase 3 — Deep Skill Analysis
Analyse each uploaded skill using the thread ID from Phase 1:
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-bristy-trent-openclaw-security": {
      "enabled": true,
      "auto_update": true
    }
  }
}