openclaw-security-guard
Security audit CLI + live dashboard for OpenClaw. Scans for secrets, config issues, prompt injections, vulnerable dependencies, and unverified MCP servers. Zero telemetry.
Why use this skill?
Secure your OpenClaw agent with automatic secret scanning, prompt injection detection, and config auditing. 100% local, no telemetry.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/miloudbelarebia/openclaw-security-guard
What This Skill Does
The openclaw-security-guard is an essential security hardening tool designed specifically for the OpenClaw ecosystem. It provides a comprehensive security layer by scanning for common vulnerabilities that often plague AI-agent workflows. The tool operates through five primary diagnostic modules: a Secrets Scanner (detecting high-entropy tokens and keys), a Config Auditor (validating sandbox settings and gateway security), a Prompt Injection Detector (identifying over 50 malicious patterns), a Dependency Scanner (checking npm packages for known CVEs), and an MCP Server Auditor (enforcing trust for server connections). By centralizing these checks, it helps developers ensure their AI agents remain robust against unauthorized access and configuration drift. Importantly, this tool maintains a 100% local-only policy with zero telemetry, ensuring that your sensitive audit data never leaves your environment.
Installation
To get started, you can install the tool globally via npm or use the ClawHub registry native to OpenClaw. Run the following command in your terminal:
clawhub install openclaw/skills/skills/miloudbelarebia/openclaw-security-guard
Alternatively, for a standalone node-based install, use:
npm install -g openclaw-security-guard
Once installed, you can trigger a full security posture check with openclaw-guard audit or initialize the monitoring interface with openclaw-guard dashboard.
Use Cases
- Continuous Compliance: Use the security score feature to track your agent's safety posture over time during the development lifecycle.
- Secrets Prevention: Integrate pre-commit hooks to prevent developers from accidentally pushing credentials or API keys into your agent's configuration files.
- Attack Surface Reduction: Use the MCP Server Auditor to restrict which external connections your OpenClaw agent can initialize, preventing the execution of unauthorized or untrusted servers.
- Emergency Hardening: Use the --auto flag to immediately patch misconfigured sandbox environments or permissive gateway bindings.
Example Prompts
- "OpenClaw, run a full security audit on my current setup and give me a summary of my security score."
- "Identify and automatically fix any insecure configuration settings or outdated dependencies in my agent workspace."
- "Launch the OpenClaw security dashboard so I can monitor real-time activity and check for any attempted prompt injection attacks."
Tips & Limitations
- Privacy: Since this tool runs entirely locally, it will not alert you to global security breaches or new zero-day vulnerabilities unless the local dependency database is updated via npm.
- Backups: Always review changes made by openclaw-guard fix before running it in production, though the tool does attempt to create backups before applying changes.
- Performance: For large repositories, the deep dependency scan may take a few moments. Run audits during development rather than during time-critical production operations.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-miloudbelarebia-openclaw-security-guard": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags(AI)
Flags: file-read, file-write, code-execution