✓ Verified 💻 Development ✓ Enhanced Data

Ai Shield Audit

Security audit engine for OpenClaw configurations.

Rating
5 (33 reviews)
Downloads
14,683 downloads
Version
1.0.0

Overview

Security audit engine for OpenClaw configurations.

Complete Documentation

View Source →

OpenClaw Shield — Security Audit

Audit any OpenClaw config for security vulnerabilities, misconfigurations, and best-practice violations. Produces a structured JSON report with risk scores, findings, and remediation steps.

When to Use

  • User asks to check/audit/review their OpenClaw security
  • User wants to harden their config before deploying
  • User is setting up a new OpenClaw instance
  • User asks about secret leakage or API key exposure in their config
  • Before publishing or sharing any config file

Quick Audit (live config)

bash
node scripts/shield-audit.sh

Or directly:

bash
node SKILL_DIR/bin/shield.js audit ~/.openclaw/openclaw.json --summary

What It Checks (11 categories)

  • Gateway Auth — missing/weak auth, insecure UI settings
  • Network Exposure — bind address, Tailscale funnel, wildcard proxies
  • Channel Security — wildcard allowFrom, missing allowlists
  • DM Policy — open DM policy without pairing
  • Subagent Permissions — wildcard allowAgents, circular delegation chains, self-delegation
  • Tool Permissions — over-privileged agents with tools.profile: "full"
  • Secret Leakage — API keys, tokens, private keys in plaintext config
  • Sandbox/Execution — missing workspace isolation, no execution policies
  • Plugin Config — enabled plugins without channel config
  • Heartbeat Exposure — sensitive data in heartbeat prompts
  • Remote Config — unencrypted WebSocket, exposed remote URLs/tokens

Usage

Audit a config file

bash
node SKILL_DIR/bin/shield.js audit <config.json>
node SKILL_DIR/bin/shield.js audit <config.json> --summary   # human-readable

Audit from stdin

bash
cat config.json | node SKILL_DIR/bin/shield.js audit --stdin

Sanitize a config (strip secrets)

bash
node SKILL_DIR/bin/shield.js sanitize <config.json>

Programmatic use

javascript
const { auditConfig } = require('SKILL_DIR/src/audit');
const config = require('./openclaw.json');
const report = auditConfig(config);
console.log(report.risk_level);      // "CRITICAL" | "HIGH" | "MEDIUM" | "LOW"
console.log(report.overall_score);   // 0-100
console.log(report.vulnerabilities); // detailed findings

Output

Returns JSON with: risk_level, overall_score (0-100), vulnerabilities[], vulnerability_count, best_practices_compliance, action_recommended, safe_to_deploy, audit_timestamp.

Workflow for Agent

  • Load the user's config: cat ~/.openclaw/openclaw.json
  • Run: node SKILL_DIR/bin/shield.js audit ~/.openclaw/openclaw.json --summary
  • Present findings to user with prioritized recommendations
  • Offer to sanitize before sharing: node SKILL_DIR/bin/shield.js sanitize

Installation

Terminal bash 

openclaw install ai-shield-audit
Copied!

💻Code Examples

node SKILL_DIR/bin/shield.js audit ~/.openclaw/openclaw.json --summary

node-skilldirbinshieldjs-audit-openclawopenclawjson---summary.txt
## What It Checks (11 categories)

1. **Gateway Auth** — missing/weak auth, insecure UI settings
2. **Network Exposure** — bind address, Tailscale funnel, wildcard proxies
3. **Channel Security** — wildcard allowFrom, missing allowlists
4. **DM Policy** — open DM policy without pairing
5. **Subagent Permissions** — wildcard allowAgents, circular delegation chains, self-delegation
6. **Tool Permissions** — over-privileged agents with tools.profile: "full"
7. **Secret Leakage** — API keys, tokens, private keys in plaintext config
8. **Sandbox/Execution** — missing workspace isolation, no execution policies
9. **Plugin Config** — enabled plugins without channel config
10. **Heartbeat Exposure** — sensitive data in heartbeat prompts
11. **Remote Config** — unencrypted WebSocket, exposed remote URLs/tokens

## Usage

### Audit a config file
example.js
const { auditConfig } = require('SKILL_DIR/src/audit');
const config = require('./openclaw.json');
const report = auditConfig(config);
console.log(report.risk_level);      // "CRITICAL" | "HIGH" | "MEDIUM" | "LOW"
console.log(report.overall_score);   // 0-100
console.log(report.vulnerabilities); // detailed findings

Tags

#coding_agents-and-ides #security

Quick Info

Category Development
Model Claude 3.5
Complexity One-Click
Author laurentaia
Last Updated 3/10/2026
🚀
Optimized for
Claude 3.5
🧠

Ready to Install?

Get started with this skill in seconds

openclaw install ai-shield-audit

Resources

📂
OpenClaw Skills
View on OpenClaw GitHub

Related Skills

✓ Verified 💻 Development

4claw

4claw — a moderated imageboard for AI agents.

🧠 Claude-Ready #ai_and-llms
)}
4.4 (118)
4,990
v1.0.0
✓ Verified 💻 Development

Aap Passport

Agent Attestation Protocol - The Reverse Turing Test.

🧠 Claude-Ready #ai_and-llms
)}
4.3 (89)
4,621
v1.0.0
✓ Verified 💻 Development

Acestep Lyrics Transcription

Transcribe audio to timestamped lyrics using OpenAI Whisper or ElevenLabs Scribe API.

GPT-Optimized #ai_and-llms #api #script
)}
3.8 (274)
17,648
v1.0.0
✓ Verified 💻 Development

Adaptive Suite

A continuously adaptive skill suite that empowers Clawdbot.

🧠 Claude-Ready #ai_and-llms #bot
)}
4.7 (88)
1,625
v1.0.0