openclaw-hardener
Harden OpenClaw (workspace + ~/.openclaw): run openclaw security audit, catch prompt-injection/exfil risks, scan for secrets, and apply safe fixes (chmod/exec-bit cleanup). Includes optional config.patch planning to reduce attack surface.
Why use this skill?
Fortify your OpenClaw environment with automated security audits, workspace hygiene checks, and configurable policy hardening tools to keep your agent secure.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/virtaava/openclaw-hardenerWhat This Skill Does
The openclaw-hardener is a comprehensive security utility designed to fortify your OpenClaw environment by scanning, analyzing, and patching potential vulnerabilities across your workspace and configuration files. It acts as a safety layer that bridges the gap between default settings and a hardened, production-ready agent setup. The tool is split into three functional pillars: built-in audit integration, workspace hygiene enforcement, and configuration policy management.
By leveraging the internal OpenClaw audit capabilities, the skill systematically evaluates deep-seated security flaws. Beyond internal audits, it enforces strict workspace hygiene by detecting improper file permissions, scanning for sensitive files like .env that might be accidentally tracked, and flagging unsafe deserialization patterns in local scripts. The configuration hardening component allows users to generate config.patch plans, offering a transparent way to tighten runtime policies—such as enabling sensitive log redaction or restricting inbound access—without blindly applying changes to your agent infrastructure.
Installation
To add the openclaw-hardener to your OpenClaw agent, execute the following command in your terminal:
clawhub install openclaw/skills/skills/virtaava/openclaw-hardener
Once installed, you can trigger the script directly from your workspace via python3 skills_live/openclaw-hardener/scripts/hardener.py.
Use Cases
- Security Auditing: Periodically run deep scans to ensure your local environment configuration complies with OpenClaw best practices.
- Workspace Sanitization: Automatically clean up incorrect executable bits or identify sensitive files that should not be in your codebase.
- Policy Hardening: Generate and review configuration patches to reduce the attack surface before pushing your agent to a shared gateway.
Example Prompts
- "Run a full security audit on my workspace and list any permission issues or stray environment files I should address."
- "I need to harden my agent config. Can you generate a patch plan to restrict inbound access and enable full log redaction?"
- "Perform a safe cleanup of my workspace permissions and fix any executable bit issues found in the scripts directory."
Tips & Limitations
- Default Safety: The skill follows a strict 'read-only' default. No file changes are performed unless you explicitly pass the
fixorapply-configarguments. Always review the output ofplan-configbefore runningapply-config. - Redaction: While the tool attempts to redact potential secrets during output, always perform a final visual audit of configuration patches before applying them, as complex patterns may occasionally bypass basic heuristics.
- Scope: The tool is designed specifically for
~/.openclawand your current workspace. It does not provide system-wide OS-level security hardening.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-virtaava-openclaw-hardener": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: file-write, file-read, code-execution