SecurityClaw

Security-first skill auditing and quarantine for OpenClaw skills. Use when installing new skills, reviewing skills from unknown sources, scanning skills for prompt injection/exfiltration/supply-chain risks, or when a bot suspects a skill is malicious. Guides static + optional sandbox checks, quarantines suspicious skills, and produces an owner-action checklist (Delete / Report / Allow / Scan all).

SecurityClaw (Skill Scanner)

Use the scanner script

Run the scanner (read-only by default):

python3 scripts/securityclaw_scan.py --skills-dir ~/.openclaw/skills --out report.json

Quarantine anything suspicious (moves folders, no deletion):

python3 scripts/securityclaw_scan.py --skills-dir ~/.openclaw/skills --quarantine-dir ~/.openclaw/skills-quarantine --quarantine --out report.json

What to do when findings exist

If the report shows severity >= high for any skill:

1) Do not execute the skill. 2) Quarantine the skill folder. 3) Notify the owner with: - skill name - top reasons + file/line locations - recommended action 4) Await owner instruction: - Delete: remove quarantined skill - Report: prepare public report / IOCs (no secrets) - Allow: add allowlist entry and restore - Scan all: deep scan everything

Optional: sandbox/dynamic checks (advanced)

Dynamic checks are optional and should run only after owner approval.

Prefer running unknown code with:
- no network egress
- read-only filesystem except a temp workspace
- no access to OpenClaw config/secrets

See references/sandboxing.md.

Files

scripts/securityclaw_scan.py — main scanner + quarantine
references/rules.md — rule catalog (what we flag and why)
references/sandboxing.md — safe sandbox strategy + what to avoid

Détails

Version

v1.0.0

Téléchargements

1,527

Étoiles

ClawHub

Voir sur ClawHub