Go back
More in category Open on GitHub

Jump to related tools in the same category or review the original source on GitHub.

Clawdbot Tools @virtaava Updated 2/26/2026

Openclaw Hardener OpenClaw Skill - ClawHub

Do you want your AI agent to automate Openclaw Hardener workflows? This free skill from ClawHub helps with clawdbot tools tasks without building custom tools from scratch.

What this skill does

Harden OpenClaw (workspace + ~/.openclaw): run openclaw security audit, catch prompt-injection/exfil risks, scan for secrets, and apply safe fixes (chmod/exec-bit cleanup). Includes optional config.patch planning to reduce attack surface.

Install

npx clawhub@latest install openclaw-hardener

Full SKILL.md

Open original
namedescription
openclaw-hardenerHarden OpenClaw (workspace + ~/.openclaw): run openclaw security audit, catch prompt-injection/exfil risks, scan for secrets, and apply safe fixes (chmod/exec-bit cleanup). Includes optional config.patch planning to reduce attack surface.

OpenClaw Hardener

This skill provides a user-choice hardening tool that can:

  • Run OpenClaw’s built-in security audit (openclaw security audit --deep / --fix).
  • Run workspace hygiene checks (exec bits, stray .env, unsafe serialization patterns, etc.).
  • Apply safe mechanical fixes only when explicitly requested.
  • Generate (and optionally apply) a Gateway config.patch plan to tighten runtime policy.

Run the tool

Script:

  • skills_live/openclaw-hardener/scripts/hardener.py

Examples:

# Read-only checks (recommended default)
python3 skills_live/openclaw-hardener/scripts/hardener.py check --all

# Only run OpenClaw built-in audit (deep)
python3 skills_live/openclaw-hardener/scripts/hardener.py check --openclaw

# Only run workspace checks
python3 skills_live/openclaw-hardener/scripts/hardener.py check --workspace

# Apply safe fixes (chmod/exec-bit cleanup + optionally openclaw audit --fix)
python3 skills_live/openclaw-hardener/scripts/hardener.py fix --all

# Generate a config.patch plan (prints JSON5 patch)
python3 skills_live/openclaw-hardener/scripts/hardener.py plan-config

# Apply the plan (requires a running gateway; uses `openclaw gateway call`)
python3 skills_live/openclaw-hardener/scripts/hardener.py apply-config

Design rules (do not violate)

  • Default = check-only. No file/config changes unless user runs fix or apply-config.
  • No secrets in output. If a check reads sensitive paths, it must redact likely tokens.
  • Patch plans must be explicit. Always show the patch before applying.

What it checks / fixes

OpenClaw built-in security audit

  • Runs openclaw security audit --deep (and --fix in fix mode).

Workspace hygiene (scope: workspace + ~/.openclaw)

  • Permissions sanity under ~/.openclaw (basic checks).
  • Unexpected executable bits in non-executable filetypes.
  • Stray .env files (warn) and tracked .env (fail).
  • Risky deserialization / unsafe patterns in our scripts (heuristics).

Config hardening (optional plan)

Generates a conservative config.patch template focusing on:

  • Tightening inbound access defaults (pairing/allowlist, mention gating) only if you opt-in.
  • Ensuring sensitive log redaction is enabled.

(Exact keys depend on your config; the plan is best-effort and should be reviewed.)

Original URL: https://github.com/openclaw/skills/blob/main/skills/virtaava/openclaw-hardener

Related skills

If this matches your use case, these are close alternatives in the same category.

adhd-assistant

ADHD-friendly life management assistant for OpenClaw.

adhd-ssistant

ADHD-friendly life management assistant for OpenClaw.

agent-browser

Headless browser automation CLI optimized for AI agents

agent-builder

Build high-performing OpenClaw agents end-to-end.

agent-observability-dashboard

Unified observability

agents-manager

Manage Clawdbot agents: discover, profile, track