Tools
Secureclaw
By SecureClaw - Security Plugin and Skill for OpenClaw OWASP-Aligned
Install
npm install
npmConfiguration Example
{
"plugins": {
"entries": {
"secureclaw": {
"enabled": true,
"config": {
"cost": {
"hourlyLimitUsd": 2,
"dailyLimitUsd": 10,
"monthlyLimitUsd": 100,
"circuitBreakerEnabled": true
},
"autoHarden": false
}
}
}
}
}README
# SecureClaw
End-to-End security paltform for [OpenClaw](https://openclaw.ai) AI agents.
Audit, Hardening and Runtine Security for Openclaw.
Developed by [Adversa AI](https://adversa.ai) -- Agentic AI Security and Red Teaming Pioneers.
51 audit checks. 15 behavioral rules. 9 scripts. 4 pattern databases. 5 security frameworks mapped.
10/10 OWASP ASI | 10/14 MITRE ATLAS | 4/4 MITRE OpenClaw Cases | 3/3 CoSAI Principles | CSA Singapore
SecureClaw is a 360-degree security plugin and skills tahat audits your OpenClaw installation for misconfigurations and known vulnerabilities, applies automated hardening fixes, and gives your agent behavioral security rules that protect against prompt injection, credential theft, supply chain attacks, and privacy leaks.
1️⃣ Full OWASP Agentic Security Top 10 coverage. Static and runtime. We're the first and only OpenClaw security tool to formally map every control to the ASI framework. 10/10 categories.
2️⃣ Every known incident. Every known CVE up untill now. All 8 documented threat classes from the OpenClaw Security 101 research have specific countermeasures. Not generic "be careful" advice — actual detection and hardening for each one.
3️⃣ Plugin + Skill layered defense. The plugin runs as code — gateway hardening, permission lockdown, credential scanning. The skill runs as LLM directives — injection awareness, PII scanning, integrity monitoring. Two layers. Each catches the failures of the other.
4️⃣ Ultra-lean ~1,230 token skill. Most security skills dump thousands of tokens into context, competing with your actual conversations. Ours is 15 rules and a set of bash scripts. All detection logic runs as bash — zero LLM tokens. Your agent stays fast, stays focused, stays protected.
```mermaid
graph TB
subgraph SecureClaw["SecureClaw Defense Layers"]
L1["Layer 1: Audit<br/>51 checks · 8 categories<br/>OWASP ASI mapped"]
L2["Layer 2: Hardening<br/>5 modules · auto-fix<br/>backup + rollback"]
L3["Layer 3: Behavioral Rules<br/>15 LLM directives · ~1,230 tokens<br/>runtime protection"]
end
Agent["OpenClaw Agent"] --> L3
L3 --> L2
L2 --> L1
L1 --> Infra["Infrastructure<br/>Gateway · Files · Credentials"]
```
```mermaid
flowchart LR
Install["Install"] --> Audit["Audit<br/>51 checks"]
Audit --> Report["Report<br/>findings"]
Report --> Harden["Harden<br/>auto-fix"]
Harden --> Monitor["Monitor<br/>runtime"]
Monitor --> Respond["Respond<br/>incidents"]
```
---
## Table of Contents
1. [What Problem Does SecureClaw Solve](#1-what-problem-does-secureclaw-solve)
2. [Architecture Overview](#2-architecture-overview)
3. [Installation](#3-installation)
4. [Getting Started in 5 Minutes](#4-getting-started-in-5-minutes)
5. [The Security Audit](#5-the-security-audit)
6. [Automated Hardening](#6-automated-hardening)
7. [Scripts Reference](#7-scripts-reference)
8. [Pattern Databases](#8-pattern-databases)
9. [The 15 Agent Rules](#9-the-15-agent-rules)
10. [OWASP ASI Coverage Map](#10-owasp-asi-coverage-map)
11. [Multi-Framework Coverage](#11-multi-framework-coverage)
12. [Plugin CLI Reference](#12-plugin-cli-reference)
13. [Configuration](#13-configuration)
14. [Background Monitors](#14-background-monitors)
15. [Incident Response](#15-incident-response)
16. [Uninstalling](#16-uninstalling)
17. [Frequently Asked Questions](#17-frequently-asked-questions)
18. [Threat Model](#18-threat-model)
19. [Development](#19-development)
---
## 1. What Problem Does SecureClaw Solve
AI agents with access to your files, credentials, email, and the internet are a fundamentally different security surface than traditional software. An agent that can read your `.env` file and send HTTP requests can exfiltrate your API keys in a single tool call. An agent that trusts instructions embedded in a web page or email can be hijacked to act against your interests.
SecureClaw addresses this by operating on three layers:
**Layer 1 -- Audit.** 51 automated checks across 8 categories scan your OpenClaw installation for known misconfigurations: exposed gateway ports, weak file permissions, missing authentication, plaintext credentials outside `.env`, disabled sandboxing, and more.
**Layer 2 -- Hardening.** Automated fixes for the most critical findings: binding the gateway to localhost, locking down file permissions, adding privacy and injection-awareness directives to your agent's core identity file, and creating cryptographic baselines for tamper detection.
**Layer 3 -- Behavioral rules.** 15 rules loaded into your agent's context that govern how it handles external content, credentials, destructive commands, privacy, and inter-agent communication. These rules cost approximately 1,230 tokens of context window and provide defense against prompt injection, data exfiltration, and social engineering -- attacks that cannot be prevented by infrastructure configuration alone.
---
## 2. Architecture Overview
SecureClaw has two independently useful components:
### The Plugin (TypeScript)
A full OpenClaw plugin with 51 audit checks, 5 hardening modules, 3 background monitors, and CLI integration. Requires Node.js 18+ and installs via `openclaw plugins install`.
### The Skill (Bash + JSON)
A standalone security skill that works without the plugin. It consists of:
- **SKILL.md** -- 15 behavioral rules loaded into the agent's context (~1,230 tokens)
- **9 bash scripts** -- audit, harden, scan, integrity check, privacy check, advisory feed, emergency response, install, uninstall
- **4 JSON pattern databases** -- injection patterns, dangerous commands, privacy rules, supply chain indicators
The skill is designed to be lightweight. All detection logic runs as external bash processes that consume zero LLM tokens. The agent only carries the 15 rules in its context window; everything else executes outside the model.
### Directory Structure
```
secureclaw/
src/ TypeScript plugin source
index.ts Plugin entry point, CLI commands
auditor.ts 51-check audit engine
hardener.ts Backup/rollback hardening
types.ts All TypeScript interfaces
hardening/ 5 hardening modules
monitors/ 3 background monitors
reporters/ Console + JSON output formatters
utils/ IOC database, crypto, hashing
skill/ Standalone security skill
SKILL.md 15 behavioral rules
skill.json Metadata + OWASP ASI mapping
checksums.json SHA256 hashes for all skill files
configs/ 4 JSON pattern databases
scripts/ 9 bash scripts
openclaw.plugin.json Plugin manifest
package.json npm package metadata
```
### Compatibility
SecureClaw supports three OpenClaw-compatible agents:
| Agent | Config Directory | Config File |
|-------|-----------------|-------------|
| OpenClaw | `~/.openclaw` | `openclaw.json` |
| Moltbot | `~/.moltbot` | `moltbot.json` |
| Clawdbot | `~/.clawdbot` | `clawdbot.json` |
All scripts auto-detect which agent is installed by checking these directories in order. The `~/clawd` directory is also checked as a fallback.
---
## 3. Installation
### Option A: Skill only (recommended)
The fastest way to get SecureClaw running. No Node.js, no build step — just bash and standard Unix tools:
```sh
git clone https://github.com/adversa-ai/secureclaw.git
bash secureclaw/secureclaw/skill/scripts/install.sh
```
This installs the 15 behavioral rules, 9 scripts, and 4 pattern databases to your agent's skills directory. If a workspace directory exists (`~/.openclaw/workspace/`), the installer also copies the skill there and registers it in `AGENTS.md` and `TOOLS.md` for automatic agent discovery.
### Option B: Plugin from source
For the full TypeScript plugin with 51 audit checks, background monitors, and CLI integration:
```sh
git clone https://github.com/adversa-ai/secureclaw.git
cd secureclaw/secureclaw
npm install
npm run build
npx openclaw plugins install -l .
```
The plugin includes the skill. After installing, run `npx openclaw secureclaw skill install` to deploy the skill files to your agent's workspace.
### Option C: ClawHub
Install the skill directly from [ClawHub](https://clawhub.io):
1. Search for **SecureClaw** on ClawHub
2. Click Install
3. The skill is automatically deployed to your agent's workspace
### What the Installer Does
1. Locates your OpenClaw installation directory (`~/.openclaw`, `~/.moltbot`, `~/.clawdbot`, or `~/clawd`)
2. Reads the skill version from `skill.json`
3. If a previous version exists, creates a timestamped backup (`secureclaw.bak.<timestamp>`)
4. Copies all skill files to `~/.openclaw/skills/secureclaw/`
5. Sets executable permissions on all scripts
6. If a workspace exists, also copies to `~/.openclaw/workspace/skills/secureclaw/`
7. Removes old `secureclaw-advisor` directory if present (legacy name)
8. Registers SecureClaw in `TOOLS.md` and `AGENTS.md` if not already present
The installer is idempotent. Running it again performs an update. If the source and destination are the same directory (e.g., running from an already-installed location), the copy step is skipped automatically.
---
## 4. Getting Started in 5 Minutes
After installation, three commands give you a complete security baseline:
**Step 1: Audit your installation.**
```sh
bash ~/.openclaw/skills/secureclaw/scripts/quick-audit.sh
```
This runs all checks and outputs a scored report. Each finding shows its severity (CRITICAL, HIGH, MEDIUM), its OWASP ASI reference code, and what to do about it.
**Step 2: Apply automated fixes.**
```sh
bash ~/.openclaw/skills/secureclaw/scripts/quick-harden.sh
```
This fixes the most common issues: binds the gateway to localhost, locks down file permissions, adds privacy and injectio
... (truncated)
tools
Comments
Sign in to leave a comment