全部技能 分类浏览
← 返回
安全合规

OpenClaw Hardener

Harden OpenClaw (workspace + ~/.openclaw): run openclaw security audit, catch prompt-injection/exfil risks, scan for secrets, and apply safe fixes (chmod/exec-bit cleanup). Includes optional config.patch planning to reduce attack surface.
加固 OpenClaw(workspace 与 ~/.openclaw):执行安全审计,拦截提示注入与数据窃取风险,扫描敏感信息并应用安全修复(如 chmod/执行位清理)。可选包含旨在缩减攻击面的 config.patch 规划。
virtaava
安全合规 clawhub v0.1.2 1 版本 99648.9 Key: 无需
★ 1
Stars
📥 2,818
下载
💾 134
安装
1
版本
#audit#clawhub#devsecops#hardening#latest#openclaw#prompt-injection#secrets#security

概述

OpenClaw Hardener

This skill provides a user-choice hardening tool that can:

  • Run OpenClaw’s built-in security audit (openclaw security audit --deep / --fix).
  • Run workspace hygiene checks (exec bits, stray .env, unsafe serialization patterns, etc.).
  • Apply safe mechanical fixes only when explicitly requested.
  • Generate (and optionally apply) a Gateway config.patch plan to tighten runtime policy.

Run the tool

Script:

  • skills_live/openclaw-hardener/scripts/hardener.py

Examples:

# Read-only checks (recommended default)
python3 skills_live/openclaw-hardener/scripts/hardener.py check --all

# Only run OpenClaw built-in audit (deep)
python3 skills_live/openclaw-hardener/scripts/hardener.py check --openclaw

# Only run workspace checks
python3 skills_live/openclaw-hardener/scripts/hardener.py check --workspace

# Apply safe fixes (chmod/exec-bit cleanup + optionally openclaw audit --fix)
python3 skills_live/openclaw-hardener/scripts/hardener.py fix --all

# Generate a config.patch plan (prints JSON5 patch)
python3 skills_live/openclaw-hardener/scripts/hardener.py plan-config

# Apply the plan (requires a running gateway; uses `openclaw gateway call`)
python3 skills_live/openclaw-hardener/scripts/hardener.py apply-config

Design rules (do not violate)

  • Default = check-only. No file/config changes unless user runs fix or apply-config.
  • No secrets in output. If a check reads sensitive paths, it must redact likely tokens.
  • Patch plans must be explicit. Always show the patch before applying.

What it checks / fixes

OpenClaw built-in security audit

  • Runs openclaw security audit --deep (and --fix in fix mode).

Workspace hygiene (scope: workspace + ~/.openclaw)

  • Permissions sanity under ~/.openclaw (basic checks).
  • Unexpected executable bits in non-executable filetypes.
  • Stray .env files (warn) and tracked .env (fail).
  • Risky deserialization / unsafe patterns in our scripts (heuristics).

Config hardening (optional plan)

Generates a conservative config.patch template focusing on:

  • Tightening inbound access defaults (pairing/allowlist, mention gating) only if you opt-in.
  • Ensuring sensitive log redaction is enabled.

(Exact keys depend on your config; the plan is best-effort and should be reviewed.)

版本历史

共 1 个版本

  • v0.1.2 当前
    2026-03-28 12:30 安全 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

安全,无风险
查看报告

🔗 相关推荐

security-compliance

OpenClaw Backup

alex3alex
备份与恢复 OpenClaw 数据。适用于创建备份、设置自动备份计划、从备份恢复或管理备份轮转。处理 ~/.openclaw 目录归档并包含适当的排除规则。
★ 89 📥 30,584
security-compliance

1password

steipete
设置和使用 1Password CLI (op)。适用于:安装 CLI、启用桌面应用集成、登录(单/多账户)、通过 op 读取/注入/运行密钥。
★ 53 📥 31,135
security-compliance

Skill Vetter

spclaudehome
AI智能体技能安全预审工具。安装ClawdHub、GitHub等来源技能前,检查风险信号、权限范围及可疑模式。
★ 1,210 📥 266,143

Skill工具集 © 2026