Security skill for OpenClaw agents (7-framework aligned). 15 core rules + automated scripts covering OWASP ASI Top 10, MITRE ATLAS, CoSAI, CSA MAESTRO, and N...
Security Analysis
High confidence
The skill is broadly coherent with a security/audit purpose but is intrusive (it modifies cognitive/config files that persist after uninstall), makes local changes automatically (hardening, baselines, SOUL.md edits), and includes remote advisory fetching — review and vet before running.
Name/description (security audit, privacy checks, supply-chain scanning, incident response) matches the included scripts and configs. The scripts perform the audits/hardening the SKILL.md promises and do not request unrelated cloud credentials or unrelated binaries.
SKILL.md directs the agent to run the included scripts (audit, harden, scan, emergency). The scripts do more than passive checks: quick-harden.sh will modify configs (sed on openclaw.json), create/append privacy & injection directives in SOUL.md, create baseline files, and install entries into TOOLS.md/AGENTS.md. These actions are consistent with a hardening tool but are intrusive and could change agent behavior without explicit per-change approvals unless the user inspects them first.
No remote install spec (no arbitrary download/extract) — installer is a local shell copy operation (install.sh copies files into ~/.openclaw). check-advisories.sh fetches a default feed from https://adversa-ai.github.io (configurable via SECURECLAW_FEED_URL). No evidence of automatic remote code execution or use of URL shorteners, but the skill will make local filesystem changes when install.sh or quick-harden.sh are run.
The package declares no required env vars or primary credential. Scripts do read local sensitive files (openclaw.json, .env, SOUL.md, other workspace files) to perform checks and may log findings. That reading is proportional to an audit tool, but it means the scripts will access credential-bearing files (they do not require you to supply secrets explicitly).
Installer and hardening scripts append to TOOLS.md/AGENTS.md and SOUL.md and create baselines under ~/.openclaw/.secureclaw. uninstall.sh explicitly warns it will NOT remove SecureClaw directives added to SOUL.md. That means modifications to cognitive/state files persist after uninstall and can influence agent behavior long-term. The skill is not marked always:true, but it writes persistent artifacts and registers itself in workspace files — this persistent presence is significant and warrants caution.
Guidance
What to consider before installing SecureClaw:
- Functionality: The skill appears to do what it claims (audits, hardens, scans skills, privacy checks, emergency response). The bundled scripts implement those features locally — there are no required external credentials.
- Intrusiveness: Installing/running the included scripts will modify your OpenClaw installation: it copies files into ~/.openclaw/skills, appends entries to TOOLS.md and AGENTS.md, creates baselines under ~/.openclaw/.secureclaw, and quick-harden.sh will modify openclaw.json and append privacy/injection directives to SOUL.md. Uninstall does not automatically remove the SOUL.md edits. Treat these as persistent configuration changes.
- Network activity: check-advisories.sh fetches a remote advisory feed by default. If you are restrictive about network calls, either set SECURECLAW_FEED_URL to a vetted source or avoid running that script.
- Before you run anything: read install.sh, quick-harden.sh, and uninstall.sh to understand the exact changes. Make solid backup copies of openclaw.json, SOUL.md, and any cognitive files. Consider running the scripts in a test environment first.
- If you want reduced risk: run the audit/scan scripts (quick-audit.sh, scan-skills.sh, check-privacy.sh) first in 'read-only' mode to see findings, do NOT run quick-harden.sh until you review each proposed change, and do not run install.sh unless you accept the persistent modifications.
- The scanner flagged an 'ignore previous instructions' pattern; this is likely because the skill ships injection-detection regexes. Still, verify the phrase is only used for detection (not as an executable instruction).
Latest Release
v2.2.0
Security skill for OpenClaw agents by Adversa AI. 15 rules + 9 automated scripts covering 7 frameworks: OWASP ASI Top 10, MITRE ATLAS, CoSAI, CSA Singapore, CSA MAESTRO, and NIST AI 100-2 E2025.
Published by @adversa-ai on ClawHub