🎁 Get the FREE AI Skills Starter Guide β€” Subscribe β†’
BytesAgainBytesAgain
πŸ¦€ ClawHub

Trent OpenClaw Security Assessment

by @trent-ai-release

Assess your Agent deployment against security risks using Trent.

TERMINAL
clawhub install trentclaw

πŸ“– About This Skill


name: trent-openclaw-security description: Assess your Agent deployment against security risks using Trent. version: 1.2.0 homepage: https://trent.ai user-invocable: true tags: - trentai - trent - trentclaw - security - assessment - threat-modeling metadata: openclaw: requires: env: - TRENT_API_KEY optionalEnv: - TRENT_CHAT_API_URL - TRENT_AGENT_API_URL - OPENCLAW_WORKSPACE primaryEnv: TRENT_API_KEY

Trent OpenClaw Security Assessment

Audit your OpenClaw deployment for security risks. Identifies misconfigurations, chained attack paths, and provides severity-rated findings with fixes.

Setup

All tools are bundled β€” no external installer needed.

Set the TRENT_API_KEY environment variable. Get a key at https://trent.ai/openclaw/

Instructions

This audit runs in three phases. Run them in order.

Phase 1 β€” Configuration Audit

Collect metadata and send to Trent for analysis:

from openclaw_trent.openclaw_config.collector import collect_openclaw_metadata
from openclaw_trent.lib.audit_prompt import build_audit_prompt
from openclaw_trent.lib import trent_client

metadata = collect_openclaw_metadata() message = build_audit_prompt(metadata) response = trent_client.chat(message=message)

Save response["thread_id"] for Phase 3.

Present findings grouped by severity (see "Present results" below).

Summarize: "Phase 1 complete. N findings from configuration analysis. Phase 2 will scan your skills for deeper analysis β€” I'll show you exactly what would be uploaded before anything is sent. Ready to continue?"

Optional: specify a custom config path:

from pathlib import Path
metadata = collect_openclaw_metadata(openclaw_path=Path("/path/to/openclaw/config"))

Phase 2 β€” Skill Upload

Scan the workspace first (nothing is uploaded yet):

from openclaw_trent.lib.package_skills import scan_workspace

skills = scan_workspace()

Present what was found and how it will be protected. Example:

> I found N skills in your workspace: > > | Skill | Type | Size | > |---|---|---| > | skill-name | installed-skill | 12KB | > > Before upload, each skill is packaged with its source code and metadata > (name, version, dependencies). Files like .env, .pem, .key, and .db are > excluded, and secrets in standard formats (API keys, tokens, AWS credentials, > connection strings) are automatically redacted locally. If you use custom > secret formats, keep them in environment variables rather than hard-coded > in skill files. > > Ready to upload?

Use the secrets_redacted field β€” if any skills had secrets redacted, mention which ones in the table or below it.

Wait for the user to confirm before uploading.

After user confirms, upload:

from openclaw_trent.lib.upload_skills import upload_packaged_skills

upload_summary = upload_packaged_skills(skills)

Present the upload summary:

  • How many skills were uploaded, skipped (unchanged), failed, or too large
  • List each skill by name and status
  • If all uploads failed, report the errors and stop. Otherwise proceed.

    Summarize: "Phase 2 complete. N skills uploaded. Proceeding to deep skill analysis..."

    Phase 3 β€” Deep Skill Analysis

    Analyse each uploaded skill using the thread ID from Phase 1:

    from openclaw_trent.lib.prompts import build_per_skill_analysis_prompt
    from openclaw_trent.lib import trent_client

    thread_id = "" for skill in upload_summary["skills"]: if skill["status"] in ("uploaded", "skipped"): prompt = build_per_skill_analysis_prompt(skill) result = trent_client.chat(message=prompt, thread_id=thread_id)

    Each request uses the Phase 1 thread ID so the advisor has full context from the configuration audit.

    Present the deep analysis results alongside the Phase 1 findings.

    Inspect system context separately

    To view the system analysis data without running a full audit:

    from openclaw_trent.lib.system_analyzer import collect_system_analysis
    import json
    result = collect_system_analysis()
    print(json.dumps(result, indent=2))
    

    This returns channel configuration and installed skill names. Useful for debugging or verifying what data is sent.

    Present results

    Format findings grouped by severity:

  • CRITICAL: Immediate action required
  • HIGH: Fix soon
  • MEDIUM: Recommended improvement
  • LOW: Minor hardening
  • For each finding show: the risk, where it was found, and the exact fix.

    Highlight chained attack paths β€” where multiple settings combine to create worse outcomes.

    Present recommended config changes as a diff snippet for the user to review and apply manually. Do not modify any system files directly.

    When to use

  • User asks "Is my setup secure?" or "audit my config"
  • After changes to OpenClaw configuration, new plugins, or new MCP servers
  • ⚑ When to Use

    TriggerAction
    - After changes to OpenClaw configuration, new plugins, or new MCP servers

    βš™οΈ Configuration

    All tools are bundled β€” no external installer needed.

    Set the TRENT_API_KEY environment variable. Get a key at https://trent.ai/openclaw/