ClawAudit verdict

openclaw-security-hardening-toolkit

security-hardening-toolkit-v1-0

88
🟢 Trusted
Low risk — reviewed by ClawAudit, behavior matches stated purpose

Hardening guide covering OpenClaw exposure audit, credential protection, and skill verification; all commands are read-only security checks (ss, grep, find) against local configuration files with no exfiltration.

⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.

Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives.

5
security
80
transparency
100
maintenance

Permission integrity

Makes network requests but does not declare curl/wget in required binaries (capability: network_out)

Findings (5)

Pattern match (critical): Possible hardcoded credential
  SKILL.md · code · token = "<generated_value>

Pattern match (high): Accesses OpenClaw config/secrets directly
  SKILL.md · code · ~/.openclaw/openclaw.json

Pattern match (medium): Base64 encoding/decoding
  SKILL.md · code · base64-encode

Pattern match (medium): Sets world-executable permissions
  SKILL.md · code · chmod 750

Pattern match (medium): Changes file ownership
  SKILL.md · code · chown

Permissions & capabilities

No declared permissions — minimal attack surface.

network_out, data_encoding
