Security Hardener
by @stevojarvisai-star
One-command OpenClaw security audit, scoring, and auto-remediation. Addresses CVE-2026-33579 and common misconfigurations. Scans for exposed API keys, weak f...
clawhub install security-hardenerπ About This Skill
name: security-hardener description: One-command OpenClaw security audit, scoring, and auto-remediation. Addresses CVE-2026-33579 and common misconfigurations. Scans for exposed API keys, weak file permissions, unauthenticated endpoints, unsafe plugin configs, insecure transport settings, and missing auth. Generates a 0-100 security score with severity-ranked findings and auto-fixes what it can. Use when asked to "harden my OpenClaw", "security audit", "am I secure", "fix my security", "security score", "check for exposed keys", "audit my agent", "CVE check", "lock down my instance", or when setting up a new OpenClaw installation and want to verify security posture before going live.
Security Hardener
One-command security audit + auto-fix for OpenClaw. Generates a score, finds vulnerabilities, fixes what it can.
Quick Start
# Full audit β scan everything, show score + findings
python3 scripts/security-hardener.py auditAuto-fix all fixable issues (creates backup first)
python3 scripts/security-hardener.py fixScan for exposed API keys only
python3 scripts/security-hardener.py keysCheck auth configuration
python3 scripts/security-hardener.py authGenerate markdown report
python3 scripts/security-hardener.py report
Commands
audit β Full Security Audit
Runs all checks, produces a 0-100 security score:
Options: --json for machine-readable output, --verbose for detailed findings.
fix β Auto-Remediate
Creates a timestamped backup, then fixes:
Options: --dry-run to preview fixes without applying, --backup-dir .
keys β API Key Scanner
Searches config files, memory files, SKILL.md files, .env files, shell history, and git history for exposed secrets. Pattern library covers 40+ key formats (AWS, OpenAI, Anthropic, Stripe, etc.).auth β Auth Configuration Check
Verifies authentication is properly configured:
report β Markdown Report
Generates a security posture report suitable for compliance or auditing. Includes score, all findings, recommendations, and fix commands.Scoring
| Range | Rating | Meaning | |-------|--------|---------| | 90-100 | π’ Excellent | Production-ready | | 70-89 | π‘ Good | Minor issues, fix recommended | | 50-69 | π Fair | Significant gaps, fix required | | 0-49 | π΄ Critical | Unsafe for any exposure |
Each finding has a severity (critical/high/medium/low) and a weight that affects the score.
CVE Coverage
Checks against known OpenClaw CVEs including:
See references/cve-database.md for full list and mitigation details.
π‘ Examples
# Full audit β scan everything, show score + findings
python3 scripts/security-hardener.py auditAuto-fix all fixable issues (creates backup first)
python3 scripts/security-hardener.py fixScan for exposed API keys only
python3 scripts/security-hardener.py keysCheck auth configuration
python3 scripts/security-hardener.py authGenerate markdown report
python3 scripts/security-hardener.py report