security-hardening
Security audit and hardening for AI agents — credential hygiene, secret scanning, prompt injection defense, data leakage prevention, and privacy zones.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/clawdssen/security-hardening
What This Skill Does
The security-hardening skill provides a comprehensive auditing framework for OpenClaw agents. It functions as an automated security officer that scans your local workspace for vulnerabilities, credential leaks, and privacy risks. By analyzing local files, the skill identifies hardcoded API keys, sensitive personally identifiable information (PII), and configuration gaps that could expose your agent to prompt injection or data leakage. It acts as a gatekeeper, ensuring that your agent's internal configuration (SOUL.md/AGENTS.md) adheres to defense-in-depth principles, preventing the agent from inadvertently broadcasting secrets or executing unauthorized instructions.
Installation
To install this skill, use the OpenClaw command-line interface within your terminal:
clawhub install openclaw/skills/skills/clawdssen/security-hardening
Once installed, ensure your agent has read-access to the directory you wish to audit, and the skill will be available in the agent's capability repertoire.
Use Cases
- Pre-deployment Audits: Verify that no development secrets or environment keys have accidentally been written into scripts before sharing your agent.
- Automated Privacy Compliance: Regularly scan workspaces to ensure that customer data or personal emails are not stored in unencrypted, accessible text files.
- Prompt Injection Hardening: Strengthen your agent’s resilience by reviewing system-level instruction files against known injection vectors.
- Continuous Security Monitoring: Schedule periodic background checks via your agent's heartbeat/cron function to maintain workspace hygiene over time.
Example Prompts
- "Run a full security audit on this workspace and summarize any critical risks found."
- "Perform a PII scan to check if any emails or addresses are leaked in my local project files."
- "Review my AGENTS.md file and suggest hardening measures to defend against prompt injection."
Tips & Limitations
- Manual Verification: Always review the remediation report generated by the agent; never automatically delete files without confirming the findings.
- Scope Boundaries: This skill strictly operates within the agent's current workspace directory. It will not reach out to external servers, nor will it access files outside the authorized path.
- Credential Rotation: Remember that if a credential is detected by this scan, it must be considered compromised. Simply moving it is insufficient; you must rotate the key/token immediately.
- Local Execution: This tool is designed for offline security auditing, meaning your sensitive data never leaves your local machine for analysis.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-clawdssen-security-hardening": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags
Flags: file-read, file-write
Related Skills
doctorbot-ci-validator
Stop failing in production. Validate your GitHub Actions, GitLab CI & Keep workflows offline with surgical precision. Born from Keep bounty research, perfected for agents.
arc-shield
Output sanitization for agent responses - prevents accidental secret leaks
AURA Security Scanner
Scan AI agent skills for malware, credential theft, prompt injection, and dangerous permissions before installing them
sbom-explainer
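Translates a dependency manifest or SBOM into a risk explanation that non-technical readers can follow, sorted by scope of impact; use for sbom, dependencies, risk workflows; do not use for faking CVE status or as a replacement for professional vulnerability scanning.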
securityvitals
Security vitals checker for OpenClaw. Scans your installation, scores your setup, and shows you exactly what to fix. First scan in seconds.