OpenClaw Security Audit
by @vincent-big-fish
Security audit and credential hardening tool for OpenClaw instances. Scan for sensitive files, detect credential exposure, check gateway configuration, and m...
Security Audit
Run a comprehensive security audit:
python ~/.openclaw/skills/openclaw-security-audit/audit.py
This will:
1. Scan for sensitive files
2. Check for credential exposure in openclaw.json
3. Verify gateway security configuration
4. Generate a JSON report with findings
Credential Hardening
Migrate credentials to environment variables:
python ~/.openclaw/skills/openclaw-security-audit/harden.py
This will:
1. Back up your current configuration
2. Extract credentials from openclaw.json
3. Create a .env file with the credentials
4. Sanitize openclaw.json (replace each credential with a placeholder)
5. Generate setup scripts for Windows/macOS/Linux
IMPORTANT: After running harden.py, openclaw.json holds only placeholders, so OpenClaw cannot read its credentials until the environment variables from the generated .env file are set (the generated setup scripts do this for each platform). Set them before restarting OpenClaw.
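The following is an added example of the hardening transformation, not the skill's own harden.py. It backs up the config, moves credential-looking values into a .env file, and writes placeholders back. Everything beyond the four steps above is this example's assumption: a key counts as a credential when its name contains one of the constructed SENSITIVE_KEYWORDS, the placeholder form is ${VAR}, the variable name is derived from the JSON path, and the sample config is constructed for the demo.

```python
"""Added example, not the skill's own harden.py: move credential-looking
values out of an openclaw.json into a .env file and leave placeholders.

Assumptions (this example's own conventions, not OpenClaw's):
  - a key is a credential when its name contains one of SENSITIVE_KEYWORDS;
  - the placeholder written back is ${VAR}, VAR derived from the JSON path;
  - SAMPLE_CONFIG below is constructed for the demo; values are dummies.
"""
import copy
import json
import os
import pathlib
import re
import tempfile

SENSITIVE_KEYWORDS = ("password", "secret", "credentials", "token", "api_key", "apikey")

SAMPLE_CONFIG = {  # constructed sample, not a real instance config
    "name": "my-instance",
    "gateway": {"host": "127.0.0.1", "port": 8080, "auth_token": "gw-abc123"},
    "providers": {"openai": {"api_key": "sk-live-123", "model": "gpt-4o"}},
}


def is_sensitive_key(key) -> bool:
    k = str(key).lower()
    return any(word in k for word in SENSITIVE_KEYWORDS)


def env_name(path) -> str:
    # ["providers", "openai", "api_key"] -> OPENCLAW_PROVIDERS_OPENAI_API_KEY (assumed scheme)
    raw = "_".join(str(p) for p in path).upper()
    return "OPENCLAW_" + re.sub(r"[^A-Z0-9]+", "_", raw).strip("_")


def harden(config: dict):
    """Return (sanitized_config, env_lines); the input dict is not mutated."""
    sanitized = copy.deepcopy(config)
    env_lines = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                if is_sensitive_key(key) and isinstance(value, str) and value:
                    name = env_name(path + [key])
                    env_lines.append(f"{name}={value}")
                    node[key] = "${" + name + "}"   # placeholder stays in the config
                else:
                    walk(value, path + [key])      # recurse into nested sections
        elif isinstance(node, list):
            for i, item in enumerate(node):
                walk(item, path + [i])

    walk(sanitized, [])
    return sanitized, env_lines


def harden_file(config_path):
    """Back up, extract, write .env and sanitize in place (steps 1-4 above)."""
    config_path = pathlib.Path(config_path)
    backup_path = config_path.with_name(config_path.name + ".bak")
    env_path = config_path.with_name(".env")
    original_text = config_path.read_text()
    backup_path.write_text(original_text)                            # 1. backup first
    sanitized, env_lines = harden(json.loads(original_text))         # 2. extract
    env_path.write_text("".join(line + "\n" for line in env_lines))  # 3. write .env
    os.chmod(env_path, 0o600)                                        #    secrets live here now
    config_path.write_text(json.dumps(sanitized, indent=2) + "\n")   # 4. sanitize in place
    return sanitized, env_lines, backup_path, env_path


def demo_in_tempdir():
    """Run harden_file on the constructed sample in a scratch dir; return what was written."""
    workdir = pathlib.Path(tempfile.mkdtemp())
    cfg = workdir / "openclaw.json"
    cfg.write_text(json.dumps(SAMPLE_CONFIG))
    sanitized, env_lines, backup_path, env_path = harden_file(cfg)
    return {
        "sanitized": json.loads(cfg.read_text()),
        "backup": json.loads(backup_path.read_text()),
        "env": env_path.read_text(),
        "env_lines": env_lines,
    }


if __name__ == "__main__":
    print(json.dumps(demo_in_tempdir(), indent=2))
```

The backup is written before anything else is touched, and the .env file is created with mode 0600 because it now holds everything that used to be in the config; the setup scripts the real tool generates are the part this example leaves out.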
Custom Configuration
Edit config.json to customize scanning behavior:
{
"exclude_dirs": ["node_modules", ".git", "__pycache__"],
"whitelist": ["secret-input.ts"],
"sensitive_extensions": [".env", ".key", ".pem"],
"sensitive_keywords": ["password", "secret", "credentials"]
}
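As an added example of what the audit steps above amount to when driven by this config.json, here is a minimal audit written for this page; it is not the skill's own audit.py. Only the four config keys come from the page. Everything else is this example's assumption: a file is sensitive when a listed extension is one of its dotted suffixes or a keyword occurs in its file name (which is why secret-input.ts needs a whitelist entry); a key in openclaw.json is an exposed credential when its name contains a keyword and its value is a literal string rather than a ${VAR} placeholder; and the gateway check assumes gateway.host and gateway.auth_token keys. The fixture tree is constructed for the demo.

```python
"""Added example, not the skill's own audit.py. Only the config keys below come
from the page; the file/keyword/placeholder rules and the assumed
gateway.host / gateway.auth_token layout are this example's assumptions."""
import json
import os
import pathlib
import tempfile

DEFAULT_CONFIG = {   # same values as the config.json shown above
    "exclude_dirs": ["node_modules", ".git", "__pycache__"],
    "whitelist": ["secret-input.ts"],
    "sensitive_extensions": [".env", ".key", ".pem"],
    "sensitive_keywords": ["password", "secret", "credentials"],
}


def scan_sensitive_files(root, cfg=DEFAULT_CONFIG):
    """Walk root (pruning exclude_dirs) and list files that look sensitive."""
    hits = []
    keywords = [k.lower() for k in cfg["sensitive_keywords"]]
    exts = [e.lower().lstrip(".") for e in cfg["sensitive_extensions"]]
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in cfg["exclude_dirs"]]  # prune in place
        for name in filenames:
            if name in cfg["whitelist"]:
                continue
            lower = name.lower()
            suffixes = lower.split(".")[1:]          # ".env.local" -> ["env", "local"]
            by_ext = any(e in suffixes for e in exts)
            by_kw = any(k in lower for k in keywords)
            if by_ext or by_kw:
                rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")
                hits.append({"path": rel, "reason": "extension" if by_ext else "keyword"})
    return sorted(hits, key=lambda h: h["path"])


def find_exposed_credentials(node, keywords, path=()):
    """Dotted paths of keys that name a credential but still hold a literal value."""
    found = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = path + (str(key),)
            if isinstance(value, str) and any(k in str(key).lower() for k in keywords):
                placeholder = value.startswith("${") and value.endswith("}")  # assumed form
                if value and not placeholder:
                    found.append(".".join(here))
            else:
                found.extend(find_exposed_credentials(value, keywords, here))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            found.extend(find_exposed_credentials(item, keywords, path + (str(i),)))
    return found


def check_gateway(conf):
    """Assumed layout: flag a gateway bound to all interfaces, worse without a token."""
    gw = conf.get("gateway", {})
    issues = []
    if str(gw.get("host", "127.0.0.1")) in ("0.0.0.0", "::", ""):
        issues.append("gateway listens on all interfaces")
        if not gw.get("auth_token"):
            issues.append("gateway has no auth_token while exposed")
    return issues


def audit(root, openclaw_json=None, cfg=DEFAULT_CONFIG):
    """Run the three checks and return a JSON-serialisable report."""
    keywords = [k.lower() for k in cfg["sensitive_keywords"]]
    report = {"sensitive_files": scan_sensitive_files(root, cfg),
              "exposed_credentials": [], "gateway_issues": []}
    if openclaw_json and pathlib.Path(openclaw_json).exists():
        conf = json.loads(pathlib.Path(openclaw_json).read_text())
        report["exposed_credentials"] = find_exposed_credentials(conf, keywords)
        report["gateway_issues"] = check_gateway(conf)
    return report


def demo_in_tempdir():
    """Build a constructed fixture tree in a scratch dir and audit it."""
    root = pathlib.Path(tempfile.mkdtemp())
    fixture = {
        ".env": "X=1\n",
        "certs/server.pem": "-----BEGIN CERTIFICATE-----\n",
        "src/secret-input.ts": "// whitelisted by name\n",
        "src/password-reset.ts": "// flagged: keyword in file name\n",
        "node_modules/pkg/private.key": "// not reached: directory excluded\n",
        "openclaw.json": json.dumps({
            "gateway": {"host": "0.0.0.0"},
            "auth": {"api_secret": "s3cr3t", "db_password": "${OPENCLAW_DB_PASSWORD}"},
        }),
    }
    for rel, text in fixture.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)
    return audit(root, root / "openclaw.json")


if __name__ == "__main__":
    print(json.dumps(demo_in_tempdir(), indent=2))
```

Pruning dirnames in place is what makes exclude_dirs take effect with os.walk; filtering after the fact would still descend into node_modules. The placeholder test is also what lets the audit pass cleanly after hardening: a key named db_password that holds ${OPENCLAW_DB_PASSWORD} is not reported.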
Best Practices
1. Run audit weekly - Schedule regular security checks
2. Harden immediately - Migrate credentials to env vars on first run
3. Back up before hardening - Always back up configs before changes
4. Secure .env files - Never commit .env to version control
5. Rotate credentials - Regularly update API keys and tokens
clawhub install openclaw-safe-audit