{ "schemaVersion": "1.0", "item": { "slug": "openclaw-hardener", "name": "OpenClaw Hardener", "source": "tencent", "type": "skill", "category": "效率提升", "sourceUrl": "https://clawhub.ai/virtaava/openclaw-hardener", "canonicalUrl": "https://clawhub.ai/virtaava/openclaw-hardener", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/openclaw-hardener", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=openclaw-hardener", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md", "openclaw-skill.json", "scripts/hardener.py" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/openclaw-hardener" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/openclaw-hardener", "agentPageUrl": "https://openagent3.xyz/skills/openclaw-hardener/agent", "manifestUrl": "https://openagent3.xyz/skills/openclaw-hardener/agent.json", "briefUrl": "https://openagent3.xyz/skills/openclaw-hardener/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "OpenClaw Hardener", "body": "This skill provides a user-choice hardening tool that can:\n\nRun OpenClaw’s built-in security audit (openclaw security audit --deep / --fix).\nRun workspace hygiene checks (exec bits, stray .env, unsafe serialization patterns, etc.).\nApply safe mechanical fixes only when explicitly requested.\nGenerate (and optionally apply) a Gateway config.patch plan to tighten runtime policy." }, { "title": "Run the tool", "body": "Script:\n\nskills_live/openclaw-hardener/scripts/hardener.py\n\nExamples:\n\n# Read-only checks (recommended default)\npython3 skills_live/openclaw-hardener/scripts/hardener.py check --all\n\n# Only run OpenClaw built-in audit (deep)\npython3 skills_live/openclaw-hardener/scripts/hardener.py check --openclaw\n\n# Only run workspace checks\npython3 skills_live/openclaw-hardener/scripts/hardener.py check --workspace\n\n# Apply safe fixes (chmod/exec-bit cleanup + optionally openclaw audit --fix)\npython3 skills_live/openclaw-hardener/scripts/hardener.py fix --all\n\n# Generate a config.patch plan (prints JSON5 patch)\npython3 skills_live/openclaw-hardener/scripts/hardener.py plan-config\n\n# Apply the plan (requires a running gateway; uses `openclaw gateway call`)\npython3 skills_live/openclaw-hardener/scripts/hardener.py apply-config" }, { "title": "Design rules (do not violate)", "body": "Default = check-only. No file/config changes unless user runs fix or apply-config.\nNo secrets in output. If a check reads sensitive paths, it must redact likely tokens.\nPatch plans must be explicit. Always show the patch before applying." }, { "title": "OpenClaw built-in security audit", "body": "Runs openclaw security audit --deep (and --fix in fix mode)." }, { "title": "Workspace hygiene (scope: workspace + ~/.openclaw)", "body": "Permissions sanity under ~/.openclaw (basic checks).\nUnexpected executable bits in non-executable filetypes.\nStray .env files (warn) and tracked .env (fail).\nRisky deserialization / unsafe patterns in our scripts (heuristics)." }, { "title": "Config hardening (optional plan)", "body": "Generates a conservative config.patch template focusing on:\n\nTightening inbound access defaults (pairing/allowlist, mention gating) only if you opt-in.\nEnsuring sensitive log redaction is enabled.\n\n(Exact keys depend on your config; the plan is best-effort and should be reviewed.)" } ], "body": "OpenClaw Hardener\n\nThis skill provides a user-choice hardening tool that can:\n\nRun OpenClaw’s built-in security audit (openclaw security audit --deep / --fix).\nRun workspace hygiene checks (exec bits, stray .env, unsafe serialization patterns, etc.).\nApply safe mechanical fixes only when explicitly requested.\nGenerate (and optionally apply) a Gateway config.patch plan to tighten runtime policy.\nRun the tool\n\nScript:\n\nskills_live/openclaw-hardener/scripts/hardener.py\n\nExamples:\n\n# Read-only checks (recommended default)\npython3 skills_live/openclaw-hardener/scripts/hardener.py check --all\n\n# Only run OpenClaw built-in audit (deep)\npython3 skills_live/openclaw-hardener/scripts/hardener.py check --openclaw\n\n# Only run workspace checks\npython3 skills_live/openclaw-hardener/scripts/hardener.py check --workspace\n\n# Apply safe fixes (chmod/exec-bit cleanup + optionally openclaw audit --fix)\npython3 skills_live/openclaw-hardener/scripts/hardener.py fix --all\n\n# Generate a config.patch plan (prints JSON5 patch)\npython3 skills_live/openclaw-hardener/scripts/hardener.py plan-config\n\n# Apply the plan (requires a running gateway; uses `openclaw gateway call`)\npython3 skills_live/openclaw-hardener/scripts/hardener.py apply-config\n\nDesign rules (do not violate)\nDefault = check-only. No file/config changes unless user runs fix or apply-config.\nNo secrets in output. If a check reads sensitive paths, it must redact likely tokens.\nPatch plans must be explicit. Always show the patch before applying.\nWhat it checks / fixes\nOpenClaw built-in security audit\nRuns openclaw security audit --deep (and --fix in fix mode).\nWorkspace hygiene (scope: workspace + ~/.openclaw)\nPermissions sanity under ~/.openclaw (basic checks).\nUnexpected executable bits in non-executable filetypes.\nStray .env files (warn) and tracked .env (fail).\nRisky deserialization / unsafe patterns in our scripts (heuristics).\nConfig hardening (optional plan)\n\nGenerates a conservative config.patch template focusing on:\n\nTightening inbound access defaults (pairing/allowlist, mention gating) only if you opt-in.\nEnsuring sensitive log redaction is enabled.\n\n(Exact keys depend on your config; the plan is best-effort and should be reviewed.)" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/virtaava/openclaw-hardener", "publisherUrl": "https://clawhub.ai/virtaava/openclaw-hardener", "owner": "virtaava", "version": "0.1.2", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/openclaw-hardener", "downloadUrl": "https://openagent3.xyz/downloads/openclaw-hardener", "agentUrl": "https://openagent3.xyz/skills/openclaw-hardener/agent", "manifestUrl": "https://openagent3.xyz/skills/openclaw-hardener/agent.json", "briefUrl": "https://openagent3.xyz/skills/openclaw-hardener/agent.md" } }