{ "schemaVersion": "1.0", "item": { "slug": "openclaw-security-hardening", "name": "OpenClaw Security Hardening", "source": "tencent", "type": "skill", "category": "效率提升", "sourceUrl": "https://clawhub.ai/kylejfrost/openclaw-security-hardening", "canonicalUrl": "https://clawhub.ai/kylejfrost/openclaw-security-hardening", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/openclaw-security-hardening", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=openclaw-security-hardening", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md", "assets/security-rules-template.md", "scripts/audit-outbound.sh", "scripts/harden-workspace.sh", "scripts/install-guard.sh", "scripts/integrity-check.sh" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/openclaw-security-hardening" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/openclaw-security-hardening", "agentPageUrl": "https://openagent3.xyz/skills/openclaw-security-hardening/agent", "manifestUrl": "https://openagent3.xyz/skills/openclaw-security-hardening/agent.json", "briefUrl": "https://openagent3.xyz/skills/openclaw-security-hardening/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "OpenClaw Security Hardening", "body": "A comprehensive security toolkit for protecting OpenClaw installations from attacks via malicious skill files, prompt injection, data exfiltration, and workspace tampering." }, { "title": "Threat Model", "body": "This skill protects against:\n\nThreatDescriptionToolPrompt InjectionMalicious skills containing instructions to override system prompts, ignore safety rules, or manipulate agent behaviorscan-skills.shData ExfiltrationSkills that instruct the agent to send sensitive data (credentials, memory, config) to external endpointsaudit-outbound.shSkill TamperingUnauthorized modification of installed skills after initial reviewintegrity-check.shWorkspace ExposureSensitive files with wrong permissions, missing .gitignore rules, insecure gateway configharden-workspace.shSupply ChainInstalling a new skill that contains hidden malicious patternsinstall-guard.sh" }, { "title": "Quick Start", "body": "# Run a full security scan of all installed skills\n./scripts/scan-skills.sh\n\n# Audit outbound data flow patterns\n./scripts/audit-outbound.sh\n\n# Initialize integrity baseline\n./scripts/integrity-check.sh --init\n\n# Harden your workspace\n./scripts/harden-workspace.sh --fix\n\n# Check a new skill before installing\n./scripts/install-guard.sh /path/to/new-skill/" }, { "title": "1. scan-skills.sh — Skill File Scanner", "body": "Scans all installed skill files for malicious patterns including prompt injection, data exfiltration attempts, suspicious URLs, hidden unicode, obfuscated commands, and social engineering.\n\nUsage:\n\n# Scan all skill directories\n./scripts/scan-skills.sh\n\n# Scan a specific directory only\n./scripts/scan-skills.sh --path /path/to/skills/\n\n# Output as JSON for automation\n./scripts/scan-skills.sh --json\n\n# Show help\n./scripts/scan-skills.sh --help\n\nWhat it detects:\n\nPrompt injection patterns (override instructions, new system prompts, admin overrides)\nData exfiltration (curl/wget to external URLs, sending file contents)\nSuspicious URLs (webhooks, pastebin, requestbin, ngrok, etc.)\nBase64-encoded content that could hide instructions\nHidden unicode characters (zero-width spaces, RTL override, homoglyphs)\nReferences to sensitive files (.env, credentials, API keys, tokens)\nInstructions to modify system files (AGENTS.md, SOUL.md)\nObfuscated commands (hex encoded, unicode escaped)\nSocial engineering (\"don't tell the user\", \"secretly\", \"without mentioning\")\n\nSeverity levels:\n\n🔴 CRITICAL — Likely malicious, immediate action needed\n🟡 WARNING — Suspicious, review manually\n🔵 INFO — Noteworthy but probably benign" }, { "title": "2. integrity-check.sh — Skill Integrity Monitor", "body": "Creates SHA256 hash baselines of all skill files and detects unauthorized modifications.\n\nUsage:\n\n# Initialize baseline (first run)\n./scripts/integrity-check.sh --init\n\n# Check for changes (run periodically)\n./scripts/integrity-check.sh\n\n# Update baseline after reviewing changes\n./scripts/integrity-check.sh --update\n\n# Check specific directory\n./scripts/integrity-check.sh --path /path/to/skills/\n\n# Show help\n./scripts/integrity-check.sh --help\n\nReports:\n\n✅ Unchanged files\n⚠️ Modified files (hash mismatch)\n🆕 New files (not in baseline)\n❌ Removed files (in baseline but missing)\n\nAutomation: Add to your heartbeat or cron to run daily:\n\n# In HEARTBEAT.md or cron\n0 8 * * * /path/to/scripts/integrity-check.sh 2>&1 | grep -E '(MODIFIED|NEW|REMOVED)'" }, { "title": "3. audit-outbound.sh — Outbound Data Flow Auditor", "body": "Scans skill files for patterns that could cause data to leave your machine.\n\nUsage:\n\n# Audit all skills\n./scripts/audit-outbound.sh\n\n# Audit specific directory\n./scripts/audit-outbound.sh --path /path/to/skills/\n\n# Show whitelisted domains\n./scripts/audit-outbound.sh --show-whitelist\n\n# Add domain to whitelist\n./scripts/audit-outbound.sh --whitelist example.com\n\n# Show help\n./scripts/audit-outbound.sh --help\n\nDetects:\n\nHTTP/HTTPS URLs embedded in skill instructions\nReferences to curl, wget, fetch, web_fetch, browser navigate\nEmail/message/webhook sending instructions\nRaw IP addresses in instructions\nNon-whitelisted external domains" }, { "title": "4. harden-workspace.sh — Workspace Hardener", "body": "Checks and fixes common security misconfigurations in your OpenClaw workspace.\n\nUsage:\n\n# Check only (report issues)\n./scripts/harden-workspace.sh\n\n# Auto-fix safe issues\n./scripts/harden-workspace.sh --fix\n\n# Show help\n./scripts/harden-workspace.sh --help\n\nChecks:\n\nFile permissions on sensitive files (MEMORY.md, USER.md, SOUL.md, credentials)\n.gitignore coverage for sensitive patterns\nGateway auth configuration\nDM policy settings\nSensitive content in version-controlled files" }, { "title": "5. install-guard.sh — Pre-Install Security Gate", "body": "Run before installing any new skill to check for malicious content.\n\nUsage:\n\n# Check a skill before installing\n./scripts/install-guard.sh /path/to/new-skill/\n\n# Strict mode (fail on warnings too)\n./scripts/install-guard.sh --strict /path/to/new-skill/\n\n# Show help\n./scripts/install-guard.sh --help\n\nChecks:\n\nAll patterns from scan-skills.sh\nDangerous shell patterns in scripts (rm -rf, curl|bash, eval, etc.)\nSuspicious npm dependencies (if package.json exists)\nExit code 0 = safe, 1 = suspicious (for CI/automation)" }, { "title": "Security Rules Template", "body": "Copy assets/security-rules-template.md into your AGENTS.md to add runtime security rules for your agent. These rules instruct the agent to refuse prompt injection attempts and protect sensitive data.\n\ncat assets/security-rules-template.md >> /path/to/AGENTS.md" }, { "title": "Recommended Setup", "body": "Initial setup:\n./scripts/scan-skills.sh # Scan existing skills\n./scripts/audit-outbound.sh # Audit outbound patterns\n./scripts/integrity-check.sh --init # Create baseline\n./scripts/harden-workspace.sh --fix # Fix workspace issues\n\n\n\nAdd security rules to AGENTS.md from the template\n\n\nBefore installing new skills:\n./scripts/install-guard.sh /path/to/new-skill/\n\n\n\nPeriodic checks (add to heartbeat or cron):\n./scripts/integrity-check.sh # Detect tampering\n./scripts/scan-skills.sh # Re-scan for new patterns" } ], "body": "OpenClaw Security Hardening\n\nA comprehensive security toolkit for protecting OpenClaw installations from attacks via malicious skill files, prompt injection, data exfiltration, and workspace tampering.\n\nThreat Model\n\nThis skill protects against:\n\nThreat\tDescription\tTool\nPrompt Injection\tMalicious skills containing instructions to override system prompts, ignore safety rules, or manipulate agent behavior\tscan-skills.sh\nData Exfiltration\tSkills that instruct the agent to send sensitive data (credentials, memory, config) to external endpoints\taudit-outbound.sh\nSkill Tampering\tUnauthorized modification of installed skills after initial review\tintegrity-check.sh\nWorkspace Exposure\tSensitive files with wrong permissions, missing .gitignore rules, insecure gateway config\tharden-workspace.sh\nSupply Chain\tInstalling a new skill that contains hidden malicious patterns\tinstall-guard.sh\nQuick Start\n# Run a full security scan of all installed skills\n./scripts/scan-skills.sh\n\n# Audit outbound data flow patterns\n./scripts/audit-outbound.sh\n\n# Initialize integrity baseline\n./scripts/integrity-check.sh --init\n\n# Harden your workspace\n./scripts/harden-workspace.sh --fix\n\n# Check a new skill before installing\n./scripts/install-guard.sh /path/to/new-skill/\n\nTools\n1. scan-skills.sh — Skill File Scanner\n\nScans all installed skill files for malicious patterns including prompt injection, data exfiltration attempts, suspicious URLs, hidden unicode, obfuscated commands, and social engineering.\n\nUsage:\n\n# Scan all skill directories\n./scripts/scan-skills.sh\n\n# Scan a specific directory only\n./scripts/scan-skills.sh --path /path/to/skills/\n\n# Output as JSON for automation\n./scripts/scan-skills.sh --json\n\n# Show help\n./scripts/scan-skills.sh --help\n\n\nWhat it detects:\n\nPrompt injection patterns (override instructions, new system prompts, admin overrides)\nData exfiltration (curl/wget to external URLs, sending file contents)\nSuspicious URLs (webhooks, pastebin, requestbin, ngrok, etc.)\nBase64-encoded content that could hide instructions\nHidden unicode characters (zero-width spaces, RTL override, homoglyphs)\nReferences to sensitive files (.env, credentials, API keys, tokens)\nInstructions to modify system files (AGENTS.md, SOUL.md)\nObfuscated commands (hex encoded, unicode escaped)\nSocial engineering (\"don't tell the user\", \"secretly\", \"without mentioning\")\n\nSeverity levels:\n\n🔴 CRITICAL — Likely malicious, immediate action needed\n🟡 WARNING — Suspicious, review manually\n🔵 INFO — Noteworthy but probably benign\n2. integrity-check.sh — Skill Integrity Monitor\n\nCreates SHA256 hash baselines of all skill files and detects unauthorized modifications.\n\nUsage:\n\n# Initialize baseline (first run)\n./scripts/integrity-check.sh --init\n\n# Check for changes (run periodically)\n./scripts/integrity-check.sh\n\n# Update baseline after reviewing changes\n./scripts/integrity-check.sh --update\n\n# Check specific directory\n./scripts/integrity-check.sh --path /path/to/skills/\n\n# Show help\n./scripts/integrity-check.sh --help\n\n\nReports:\n\n✅ Unchanged files\n⚠️ Modified files (hash mismatch)\n🆕 New files (not in baseline)\n❌ Removed files (in baseline but missing)\n\nAutomation: Add to your heartbeat or cron to run daily:\n\n# In HEARTBEAT.md or cron\n0 8 * * * /path/to/scripts/integrity-check.sh 2>&1 | grep -E '(MODIFIED|NEW|REMOVED)'\n\n3. audit-outbound.sh — Outbound Data Flow Auditor\n\nScans skill files for patterns that could cause data to leave your machine.\n\nUsage:\n\n# Audit all skills\n./scripts/audit-outbound.sh\n\n# Audit specific directory\n./scripts/audit-outbound.sh --path /path/to/skills/\n\n# Show whitelisted domains\n./scripts/audit-outbound.sh --show-whitelist\n\n# Add domain to whitelist\n./scripts/audit-outbound.sh --whitelist example.com\n\n# Show help\n./scripts/audit-outbound.sh --help\n\n\nDetects:\n\nHTTP/HTTPS URLs embedded in skill instructions\nReferences to curl, wget, fetch, web_fetch, browser navigate\nEmail/message/webhook sending instructions\nRaw IP addresses in instructions\nNon-whitelisted external domains\n4. harden-workspace.sh — Workspace Hardener\n\nChecks and fixes common security misconfigurations in your OpenClaw workspace.\n\nUsage:\n\n# Check only (report issues)\n./scripts/harden-workspace.sh\n\n# Auto-fix safe issues\n./scripts/harden-workspace.sh --fix\n\n# Show help\n./scripts/harden-workspace.sh --help\n\n\nChecks:\n\nFile permissions on sensitive files (MEMORY.md, USER.md, SOUL.md, credentials)\n.gitignore coverage for sensitive patterns\nGateway auth configuration\nDM policy settings\nSensitive content in version-controlled files\n5. install-guard.sh — Pre-Install Security Gate\n\nRun before installing any new skill to check for malicious content.\n\nUsage:\n\n# Check a skill before installing\n./scripts/install-guard.sh /path/to/new-skill/\n\n# Strict mode (fail on warnings too)\n./scripts/install-guard.sh --strict /path/to/new-skill/\n\n# Show help\n./scripts/install-guard.sh --help\n\n\nChecks:\n\nAll patterns from scan-skills.sh\nDangerous shell patterns in scripts (rm -rf, curl|bash, eval, etc.)\nSuspicious npm dependencies (if package.json exists)\nExit code 0 = safe, 1 = suspicious (for CI/automation)\nSecurity Rules Template\n\nCopy assets/security-rules-template.md into your AGENTS.md to add runtime security rules for your agent. These rules instruct the agent to refuse prompt injection attempts and protect sensitive data.\n\ncat assets/security-rules-template.md >> /path/to/AGENTS.md\n\nRecommended Setup\n\nInitial setup:\n\n./scripts/scan-skills.sh # Scan existing skills\n./scripts/audit-outbound.sh # Audit outbound patterns\n./scripts/integrity-check.sh --init # Create baseline\n./scripts/harden-workspace.sh --fix # Fix workspace issues\n\n\nAdd security rules to AGENTS.md from the template\n\nBefore installing new skills:\n\n./scripts/install-guard.sh /path/to/new-skill/\n\n\nPeriodic checks (add to heartbeat or cron):\n\n./scripts/integrity-check.sh # Detect tampering\n./scripts/scan-skills.sh # Re-scan for new patterns" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/kylejfrost/openclaw-security-hardening", "publisherUrl": "https://clawhub.ai/kylejfrost/openclaw-security-hardening", "owner": "kylejfrost", "version": "1.1.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/openclaw-security-hardening", "downloadUrl": "https://openagent3.xyz/downloads/openclaw-security-hardening", "agentUrl": "https://openagent3.xyz/skills/openclaw-security-hardening/agent", "manifestUrl": "https://openagent3.xyz/skills/openclaw-security-hardening/agent.json", "briefUrl": "https://openagent3.xyz/skills/openclaw-security-hardening/agent.md" } }