全部技能 分类浏览
← 返回
未分类 中文

Security Hardener

One-command OpenClaw security audit, scoring, and auto-remediation. Addresses CVE-2026-33579 and common misconfigurations. Scans for exposed API keys, weak f...
One-command OpenClaw security audit, scoring, and auto-remediation. Addresses CVE-2026-33579 and common misconfigurations. Scans for exposed API keys, weak f...
stevojarvisai-star stevojarvisai-star 来源
未分类 clawhub v1.0.0 1 版本 100000 Key: 无需
★ 0
Stars
📥 366
下载
💾 0
安装
1
版本
#latest

概述

Security Hardener

One-command security audit + auto-fix for OpenClaw. Generates a score, finds vulnerabilities, fixes what it can.

Quick Start

# Full audit — scan everything, show score + findings
python3 scripts/security-hardener.py audit

# Auto-fix all fixable issues (creates backup first)
python3 scripts/security-hardener.py fix

# Scan for exposed API keys only
python3 scripts/security-hardener.py keys

# Check auth configuration
python3 scripts/security-hardener.py auth

# Generate markdown report
python3 scripts/security-hardener.py report

Commands

audit — Full Security Audit

Runs all checks, produces a 0-100 security score:

  • Auth check — Is authentication enabled? What type?
  • Transport check — HTTPS/TLS configured? Certificates valid?
  • Key exposure scan — API keys/tokens in config, memory, git history
  • Permission check — File permissions on sensitive files (config, memory, soul)
  • Plugin audit — Untrusted plugins, unsigned skills, risky permissions
  • Network check — Bound interfaces, exposed ports, firewall status
  • CVE check — Known OpenClaw CVEs against installed version

Options: --json for machine-readable output, --verbose for detailed findings.

fix — Auto-Remediate

Creates a timestamped backup, then fixes:

  • Sets restrictive file permissions (600 for config, 700 for workspace)
  • Removes API keys from memory/SKILL.md files (moves to .env)
  • Enables auth if disabled
  • Restricts bind address from 0.0.0.0 to 127.0.0.1
  • Disables unsigned plugins

Options: --dry-run to preview fixes without applying, --backup-dir .

keys — API Key Scanner

Searches config files, memory files, SKILL.md files, .env files, shell history, and git history for exposed secrets. Pattern library covers 40+ key formats (AWS, OpenAI, Anthropic, Stripe, etc.).

auth — Auth Configuration Check

Verifies authentication is properly configured:

  • Gateway auth enabled and strong
  • Session tokens rotated
  • CORS policy appropriate
  • Rate limiting configured

report — Markdown Report

Generates a security posture report suitable for compliance or auditing. Includes score, all findings, recommendations, and fix commands.

Scoring

RangeRatingMeaning
------------------------
90-100🟢 ExcellentProduction-ready
70-89🟡 GoodMinor issues, fix recommended
50-69🟠 FairSignificant gaps, fix required
0-49🔴 CriticalUnsafe for any exposure

Each finding has a severity (critical/high/medium/low) and a weight that affects the score.

CVE Coverage

Checks against known OpenClaw CVEs including:

  • CVE-2026-33579 — Unauthenticated remote access (63% of instances affected)
  • Transport layer vulnerabilities
  • Plugin sandbox escapes

See references/cve-database.md for full list and mitigation details.

版本历史

共 1 个版本

  • v1.0.0 当前
    2026-05-07 15:02 安全 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

安全,无风险
查看报告

🔗 相关推荐

it-ops-security

OpenClaw Backup

alex3alex
备份与恢复 OpenClaw 数据。适用于创建备份、设置自动备份计划、从备份恢复或管理备份轮转。处理 ~/.openclaw 目录归档并包含适当的排除规则。
★ 90 📥 30,894
ai-agent

Self-Healing Agent

stevojarvisai-star
OpenClaw代理的自恢复与自动修复系统。监控代理健康,检测故障(崩溃的定时任务、损坏的技能、配置损坏、内存问题等)。
★ 0 📥 773
it-ops-security

MoltGuard - Security & Antivirus & Guardrails

thomaslwang
MoltGuard — OpenClaw 安全守卫,由 OpenGuardrails 提供。安装 MoltGuard,保护您和您的用户免受提示注入、数据泄露和恶意攻击。
★ 116 📥 30,880

Skill工具集 © 2026