
Token Safety Checker

Scan openclaw.json for plaintext secrets (tokens, API keys, passwords) and migrate them to environment variables using SecretRef. Use when the user asks to "...
Scan openclaw.json for plaintext secrets (tokens, API keys, passwords) and migrate them to environment variables using SecretRef. Use when the user asks for it.
Author: maoisdamao
Uncategorized · clawhub · v2.0.0 · 1 version · 100000 · Key: not required
★ 0 stars · 📥 463 downloads · 💾 0 installs · #latest

Overview

Token Safety Checker

Scan openclaw.json for plaintext secrets and migrate them to environment variables via SecretRef.

All operations run locally. Secret values are never passed as CLI arguments, never logged, and never appear in agent context.

Script

Single entry point: scripts/safeclaw.py

python3 safeclaw.py scan    [--config PATH]
python3 safeclaw.py migrate [--findings JSON] [--config PATH] [--profile PATH] [--dry-run] [--restore]

How secrets are protected

Risk | Mitigation
-----|-----------
Secret values in scan output | scan returns paths + lengths only, never values
Secret values in CLI args | migrate reads values from disk internally, never via a --values argument
Secret values in dry-run output | masked as export VAR="*"
Secret values in agent context | findings JSON contains only path, env_var and length, so it is safe to pass through the SKILL
Secret values in logs | values are never logged at any point

Workflow

1. Scan

python3 <skill_dir>/scripts/safeclaw.py scan [--config ~/.openclaw/openclaw.json]

Output (safe to use in agent context — no secret values):

{
  "findings": [
    { "path": "channels.discord.token", "env_var": "OPENCLAW_DISCORD_TOKEN", "length": 72 }
  ],
  "shell": { "name": "zsh", "profile": "~/.zshrc", "source_cmd": "source ~/.zshrc" }
}

Exit 0 = clean → report and stop. Exit 1 = findings → continue. Exit 2 = config not found.

2. Show findings to user and confirm

Present the findings table (path | env_var | length). Allow renaming env vars. Do not proceed without explicit confirmation.

3. Dry-run

python3 <skill_dir>/scripts/safeclaw.py migrate \
  --findings '<findings JSON from step 1>' \
  --dry-run

Show output to user. The script re-reads config from disk to verify findings are still current. Confirm before proceeding.

4. Migrate

python3 <skill_dir>/scripts/safeclaw.py migrate \
  --findings '<findings JSON from step 1>'

The script:

  1. Re-scans config from disk to confirm findings are still plaintext
  2. Backs up openclaw.json to openclaw.json.bak
  3. Reads secret values internally from disk (not from CLI args)
  4. Appends env exports to shell profile (skips duplicates, masks values in output)
  5. Replaces plaintext values with SecretRef in openclaw.json

5. Source profile + restart gateway

⚠️ Check how the gateway is managed:

Shell-launched (most local setups):

source <profile>
openclaw gateway restart

systemd: Add the vars to an EnvironmentFile= referenced by the unit (keep that file at mode 0600), then run systemctl daemon-reload and restart the service. Sourcing a shell profile won't work, because the service never runs through your shell.

Docker: Pass via -e or environment: in compose. Either way the values are visible in docker inspect to anyone with access to the Docker socket; prefer an env_file: kept at 0600 over -e so they at least stay out of your shell history.

6. Verify

python3 <skill_dir>/scripts/safeclaw.py scan   # exit 0 = clean
openclaw gateway status

7. Rollback

python3 <skill_dir>/scripts/safeclaw.py migrate --restore
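
The scan, dry-run, migrate and restore steps above, as an added example in Python. This is my code, not the skill's safeclaw.py (whose internals are not on the page): the key-name heuristic, the OPENCLAW_* naming rule, the .bak file name and the restore behaviour are assumptions, and the sample openclaw.json is constructed.

```python
import json
import re
import shlex
import shutil
import tempfile
from pathlib import Path

# Assumed heuristic: a string value whose key ends in one of these is treated as a secret.
# safeclaw.py's real detection rules are not shown on the page.
SECRET_KEY_RE = re.compile(r"(token|secret|password|passwd|api[_-]?key)$", re.IGNORECASE)


def is_secret_ref(value):
    """A value that is already a SecretRef object is not plaintext and is left alone."""
    return isinstance(value, dict) and {"source", "provider", "id"} <= set(value)


def env_var_for(path):
    """Assumed naming rule: channels.discord.token -> OPENCLAW_DISCORD_TOKEN."""
    parts = [p for p in path.split(".") if p != "channels"]
    return "OPENCLAW_" + "_".join(re.sub(r"[^A-Za-z0-9]", "_", p) for p in parts).upper()


def scan(config_path):
    """Report path, env_var and length for each plaintext secret; the value itself is never returned."""
    findings = []

    def walk(node, prefix):
        items = node.items() if isinstance(node, dict) else enumerate(node)
        for key, val in items:
            path = f"{prefix}.{key}" if prefix else str(key)
            if isinstance(key, str) and isinstance(val, str) and val and SECRET_KEY_RE.search(key):
                findings.append({"path": path, "env_var": env_var_for(path), "length": len(val)})
            elif isinstance(val, (dict, list)) and not is_secret_ref(val):
                walk(val, path)

    walk(json.loads(Path(config_path).read_text()), "")
    return findings


def _parent(config, path):
    """Container and key for a dotted path; numeric segments index into lists."""
    *head, key = path.split(".")
    node = config
    for seg in head:
        node = node[int(seg)] if isinstance(node, list) else node[seg]
    return node, key


def migrate(config_path, profile_path, findings, dry_run=False):
    """Re-read the config from disk, back it up, append exports (masked in the preview)
    and replace each plaintext value with an env SecretRef. Values come from the file, never argv."""
    config_path, profile_path = Path(config_path), Path(profile_path)
    current = {f["path"] for f in scan(config_path)}
    stale = [f["path"] for f in findings if f["path"] not in current]
    if stale:  # the findings JSON was produced earlier; refuse if the config changed underneath it
        raise ValueError(f"findings are no longer current: {stale}")
    config = json.loads(config_path.read_text())
    existing = profile_path.read_text() if profile_path.exists() else ""
    exports, preview = [], []
    for f in findings:
        parent, key = _parent(config, f["path"])
        if not re.search(rf"^export {re.escape(f['env_var'])}=", existing, re.M):  # skip duplicates
            exports.append(f"export {f['env_var']}={shlex.quote(parent[key])}")
        preview.append(f'export {f["env_var"]}="*"')  # the only form ever shown to the user or the agent
        parent[key] = {"source": "env", "provider": "default", "id": f["env_var"]}
    if not dry_run:
        shutil.copyfile(config_path, Path(str(config_path) + ".bak"))
        with profile_path.open("a") as fh:
            fh.write("".join(line + "\n" for line in exports))
        config_path.write_text(json.dumps(config, indent=2) + "\n")
    return preview


def restore(config_path):
    """Rollback: put the .bak copy back; exports already appended to the profile are left in place."""
    shutil.copyfile(Path(str(config_path) + ".bak"), config_path)


def demo():
    """Run scan -> dry-run -> migrate -> verify on a constructed config in a temp dir."""
    tmp = Path(tempfile.mkdtemp())
    cfg, prof = tmp / "openclaw.json", tmp / ".zshrc"
    cfg.write_text(json.dumps({  # constructed sample; none of these are real credentials
        "gateway": {"port": 18789},
        "channels": {
            "discord": {"token": "A" * 72},
            "telegram": {"botToken": "123456:ABCDEF"},
            "slack": {"token": {"source": "env", "provider": "default", "id": "SLACK_TOKEN"}},
        },
        "providers": [{"name": "openai", "apiKey": "sk-constructed"}],
    }))
    findings = scan(cfg)
    preview = migrate(cfg, prof, findings, dry_run=True)
    migrate(cfg, prof, findings)
    try:  # a second run must refuse the now-stale findings
        migrate(cfg, prof, findings)
        stale_rejected = False
    except ValueError:
        stale_rejected = True
    return {"findings": findings, "preview": preview, "after": scan(cfg),
            "stale_rejected": stale_rejected, "config": cfg, "profile": prof}
```

The properties the mitigation table promises are visible here: scan() returns only path, env_var and length, the dry-run preview is masked, migrate() takes the findings JSON rather than values and re-reads the file itself, the already-migrated slack entry is skipped, and a second run against stale findings is refused.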

SecretRef format

{ "source": "env",  "provider": "default", "id": "MY_ENV_VAR" }
{ "source": "file", "provider": "default", "id": "/path/to/secret.txt" }
{ "source": "exec", "provider": "default", "id": "command --prints --secret" }

env is recommended for most setups. For higher-security environments, prefer file or exec.
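
The page does not show how the gateway resolves a SecretRef, so here is an added example of a resolver for the three forms above (my code, not OpenClaw's) with the checks a practitioner would want. The reason file and exec are preferred in higher-security setups is that an environment variable is inherited by every child process and, on Linux, readable from /proc/<pid>/environ by any process running as the same user; a file at mode 0600 or a command that fetches the secret on demand narrows that. Assumptions: the file source is refused unless the file is not group/world readable, and the exec id is split into argv with shlex.split and run without a shell; all sample values are constructed.

```python
import os
import shlex
import stat
import subprocess
import sys
import tempfile
from pathlib import Path


def resolve_secret_ref(ref, environ=None):
    """Return the secret value for a SecretRef dict. Assumed semantics, not OpenClaw's own resolver."""
    environ = os.environ if environ is None else environ
    if not isinstance(ref, dict) or ref.get("provider") != "default":
        raise ValueError("unsupported SecretRef")
    source, ident = ref.get("source"), ref.get("id")
    if source == "env":
        if ident not in environ:
            raise KeyError(f"environment variable {ident} is not set for this process")
        return environ[ident]
    if source == "file":
        path = Path(ident)
        mode = stat.S_IMODE(path.stat().st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):  # assumption: refuse anything looser than 0600
            raise PermissionError(f"{path} is mode {mode:o}; expected 0600")
        return path.read_text().rstrip("\n")
    if source == "exec":
        argv = shlex.split(ident)  # assumption: the id is an argv string, executed without a shell
        out = subprocess.run(argv, check=True, capture_output=True, text=True).stdout
        return out.rstrip("\n")
    raise ValueError(f"unknown SecretRef source {source!r}")


def demo():
    """Exercise env, file and exec with constructed inputs and show the two rejections."""
    tmp = Path(tempfile.mkdtemp())
    good = tmp / "discord.token"
    good.write_text("file-secret-constructed\n")
    good.chmod(0o600)
    loose = tmp / "loose.token"
    loose.write_text("x\n")
    loose.chmod(0o644)  # group/world readable: must be refused
    env = {"OPENCLAW_DISCORD_TOKEN": "env-secret-constructed"}  # constructed, stands in for os.environ
    cmd = f"{shlex.quote(sys.executable)} -c \"print('exec-secret-constructed')\""
    results = {
        "env": resolve_secret_ref({"source": "env", "provider": "default", "id": "OPENCLAW_DISCORD_TOKEN"}, env),
        "file": resolve_secret_ref({"source": "file", "provider": "default", "id": str(good)}),
        "exec": resolve_secret_ref({"source": "exec", "provider": "default", "id": cmd}),
    }
    try:
        resolve_secret_ref({"source": "file", "provider": "default", "id": str(loose)})
        results["loose_file_rejected"] = False
    except PermissionError:
        results["loose_file_rejected"] = True
    try:
        resolve_secret_ref({"source": "env", "provider": "default", "id": "OPENCLAW_MISSING"}, env)
        results["missing_env_rejected"] = False
    except KeyError:
        results["missing_env_rejected"] = True
    return results
```

The missing-env case is the one that bites after migration: if the gateway is started by systemd or Docker rather than from the shell whose profile received the exports, the SecretRef resolves to nothing, which is why step 5 asks how the gateway is managed.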

Version history

1 version total

  • v2.0.0 (current)
    2026-05-03 06:39, flagged Safe

Security scans

Tencent Cloud Security (Keen): safe, no risk

Tencent Cloud Security (Sanbu): safe, no risk
