security-hardening
Security audit and hardening for AI agents — credential hygiene, secret scanning, prompt injection defense, data leakage prevention, and privacy zones.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/clawdssen/security-hardening
Security Hardening — by The Agent Ledger
Just deliver this skill to your agent. One paste, and your agent knows how to audit your workspace for leaked secrets, harden configs, and defend against prompt injection — no coding, no security expertise required. Your agent reads the instructions and handles the rest.
A security audit and hardening skill for AI agents. Ensures your workspace doesn't leak secrets, your configs resist prompt injection, and your agent operates with defense-in-depth principles.
Version: 1.0.0 License: CC-BY-NC-4.0 More: theagentledger.com
What This Skill Does
When triggered, the agent performs a comprehensive security audit and applies hardening measures:
- Credential Scan — Detect leaked API keys, tokens, passwords in workspace files
- Privacy Audit — Find personal information (names, emails, addresses) that shouldn't be in shared files
- Config Hardening — Add security standing orders to AGENTS.md, SOUL.md, etc.
- Prompt Injection Defense — Review agent instructions for injection vulnerabilities
- File Permission Review — Identify overly permissive file sharing or public exposure
- Remediation Report — Actionable summary with severity ratings
Quick Start
Tell your agent:
"Run a security audit on my workspace"
Or trigger via heartbeat/cron for periodic checks.
Setup
Step 1: Understand the Audit Scope
The audit covers all files in your agent's workspace directory. It does NOT:
- Access files outside the workspace
- Make network requests
- Modify files without confirmation
- Send any data externally
Step 2: Run the Initial Audit
Ask your agent to perform each check below. Review findings before applying fixes.
Audit Checks
Check 1: Credential Scan
Scan all workspace files for patterns matching:
| Pattern | Examples |
|---|---|
| API keys | sk-..., AKIA..., ghp_..., xoxb-... |
| Tokens | Bearer ..., token: ..., strings > 30 chars of mixed alphanumeric |
| Passwords | password:, passwd:, secret: followed by values |
| Connection strings | mongodb://, postgres://, mysql:// with credentials |
| Private keys | -----BEGIN RSA PRIVATE KEY-----, -----BEGIN OPENSSH PRIVATE KEY----- |
How to scan:
grep -rn -E "(sk-[a-zA-Z0-9]{20,}|AKIA[A-Z0-9]{16}|ghp_[a-zA-Z0-9]{36}|xoxb-|-----BEGIN (RSA |OPENSSH )?PRIVATE KEY-----)" .
Severity: 🔴 CRITICAL — Any match requires immediate remediation.
Remediation:
- Move credentials to environment variables or a dedicated credentials file
- Add the credentials file to .gitignore
- Reference credentials via $ENV_VAR in configs, never inline
- If credentials were committed to git: rotate them immediately (they're compromised)
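The following is an added example of Check 1 as a small offline scanner, not code from the skill or from The Agent Ledger. It walks a workspace directory, applies the high-confidence patterns from the table above (the vague "strings > 30 chars of mixed alphanumeric" rule is left out as too noisy), skips .git and dependency directories, and reports each hit as CRITICAL with the matched value redacted so the report itself does not leak the secret. The sample workspace, file names and fake token values in `demo()` are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Patterns taken from the Check 1 table; the names are labels for the report.
# The "mixed alphanumeric > 30 chars" rule from the table is intentionally omitted
# because it produces many false positives (hashes, UUIDs, base64 blobs).
SECRET_PATTERNS = {
    "OpenAI-style key": re.compile(r"\bsk-[A-Za-z0-9]{20,}"),
    "AWS access key ID": re.compile(r"\bAKIA[A-Z0-9]{16}\b"),
    "GitHub token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "Slack bot token": re.compile(r"\bxoxb-[A-Za-z0-9-]+"),
    "Bearer token": re.compile(r"\bBearer\s+[A-Za-z0-9._\-]{20,}"),
    "Password assignment": re.compile(r"(?i)\b(password|passwd|secret)\s*[:=]\s*\S+"),
    "Connection string with credentials": re.compile(
        r"\b(mongodb|postgres|mysql)://[^\s:/]+:[^\s@/]+@"
    ),
    "Private key block": re.compile(r"-----BEGIN (?:RSA |OPENSSH )?PRIVATE KEY-----"),
}

# Directories the audit should not descend into (assumption: typical noise sources).
SKIP_DIRS = {".git", "node_modules", "__pycache__"}


def redact(match_text):
    """Keep only a short prefix so the finding can be located without copying the secret."""
    return match_text[:8] + "..."


def scan_workspace(root):
    """Return a list of findings: file (relative), line, pattern name, severity, redacted match."""
    findings = []
    root = Path(root)
    for path in sorted(root.rglob("*")):
        if any(part in SKIP_DIRS for part in path.parts):
            continue
        if not path.is_file():
            continue
        try:
            text = path.read_text(encoding="utf-8")
        except (UnicodeDecodeError, OSError):
            continue  # binary or unreadable: out of scope for a text scan
        for lineno, line in enumerate(text.splitlines(), start=1):
            for name, pattern in SECRET_PATTERNS.items():
                for m in pattern.finditer(line):
                    findings.append({
                        "file": str(path.relative_to(root)),
                        "line": lineno,
                        "pattern": name,
                        "severity": "CRITICAL",  # per the skill: any match is critical
                        "redacted": redact(m.group(0)),
                    })
    return findings


def demo():
    """Build a throwaway workspace with constructed, fake secrets and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        ws = Path(tmp)
        (ws / "config.yaml").write_text(
            "api_key: sk-" + "a" * 24 + "\n"                      # fake OpenAI-style key
            "db: postgres://admin:hunter2@db.internal:5432/app\n"  # fake connection string
        )
        (ws / "notes.md").write_text("Nothing secret here, just notes.\n")
        (ws / ".git").mkdir()
        (ws / ".git" / "config").write_text("token = ghp_" + "b" * 36 + "\n")  # skipped dir
        (ws / "id_rsa").write_text(
            "-----BEGIN OPENSSH PRIVATE KEY-----\nFAKE\n-----END OPENSSH PRIVATE KEY-----\n"
        )
        return scan_workspace(ws)


if __name__ == "__main__":
    for f in demo():
        print(f"{f['severity']} {f['file']}:{f['line']} {f['pattern']} ({f['redacted']})")
```

Point `scan_workspace()` at the real workspace path to run it for yourself; because the report only carries the redacted prefix, it is safe to paste into the remediation summary in the last step.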
Check 2: Personal Information Audit
Scan for PII that shouldn't appear in shareable/publishable files:
Paste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-clawdssen-security-hardening": {
"enabled": true,
"auto_update": true
}
}
}