OpenClaw Security Suite
February 23, 2026 · View on GitHub
One skill to rule them all. Installs, configures, and orchestrates the complete OpenClaw security stack for OpenClaw, Claude Code, and any Agent Skills-compatible tool.
11 security tools. 1 command.
The Problem
Agent workspace security requires multiple layers: integrity monitoring, secret scanning, permission auditing, network DLP, supply chain analysis, credential protection, injection defense, compliance enforcement, audit trails, skill verification, and incident response.
Setting up and running 11 separate tools is tedious. This skill installs them all, initializes them, and provides a unified dashboard and scan pipeline.
Real-World Incidents
This suite exists because agent skill ecosystems are already under attack:
-
ClawHavoc — 1,184 malicious skills were seeded into ClawHub in a coordinated supply chain campaign. Skills contained obfuscated payloads, post-install execution hooks, and cross-skill file writes designed to silently compromise agent workspaces. Sentinel detects this entire attack class before installation.
-
"280+ Leaky Skills" (Snyk security research) — Researchers documented 280+ OpenClaw and ClawHub skills leaking API keys and PII in skill metadata, README files, config examples, and workspace artifacts. Anthropic keys in
MEMORY.md, GitHub tokens in config, OpenAI keys in example env files. Sentry scans for all of these patterns across your workspace.
These aren't hypothetical threats. If you've installed community skills without scanning them, you may already be affected.
Install
# Install the orchestrator
git clone https://github.com/AtlasPA/openclaw-security.git
cp -r openclaw-security ~/.openclaw/workspace/skills/
# Install all 11 security tools
python3 scripts/security.py install
# Initialize everything
python3 scripts/security.py setup
# Check workspace health
python3 scripts/security.py status
Commands
| Command | What it does |
|---|---|
install | Install all 11 free security skills from ClawHub |
setup | Initialize tools that need it (baseline, signing, ledger, policy) |
status | Unified dashboard — health check across all tools |
scan | Full security scan — runs every scanner in logical order |
list | Show which tools are installed (free/pro) |
update | Update all installed skills to latest versions |
protect | Run Pro countermeasures across all tools (requires Pro) |
All commands accept --workspace /path or -w /path. Auto-detects from $OPENCLAW_WORKSPACE or ~/.openclaw/workspace.
Scan Pipeline Order
The scan command runs tools in a logical security sequence:
- Sentinel — Are installed skills safe? (supply chain)
- Signet — Have skills been tampered? (signing verification)
- Warden — Have workspace files changed? (integrity)
- Bastion — Are there injection patterns? (prompt injection)
- Sentry — Are secrets exposed? (credential scanning)
- Vault — Are credentials properly protected? (lifecycle)
- Arbiter — Do skills have excess permissions? (permission audit)
- Egress — Are there exfiltration risks? (network DLP)
- Marshal — Does everything meet policy? (compliance)
- Ledger — Is the audit trail intact? (chain verification)
- Triage — Any active incidents? (forensics)
What Gets Installed
| Tool | Domain | Free Features |
|---|---|---|
| warden | Workspace integrity | Baseline checksums, injection scanning |
| sentry | Secret scanning | 25+ secret patterns, file scanning |
| arbiter | Permission auditing | 7 permission categories, risk scoring |
| signet | Skill signing | SHA-256 manifests, tamper detection |
| ledger | Audit trail | Hash-chained JSONL logs |
| egress | Network DLP | URL detection, exfil pattern matching |
| sentinel | Supply chain | Obfuscation detection, risk scoring |
| vault | Credential lifecycle | Exposure auditing, permission checks |
| bastion | Injection defense | Pattern scanning, boundary analysis |
| marshal | Compliance | Policy enforcement, command restrictions |
| triage | Incident response | Investigation, timeline, evidence |
Pro Upgrade
Free tools detect threats. Pro tools respond to them.
Become a sponsor to unlock automated countermeasures: restore, quarantine, rollback, blocking, remediation, and protection sweeps across all 11 tools.
Requirements
- Python 3.8+
- ClawHub CLI (
npm install -g clawhub) for install/update commands - No other external dependencies (stdlib only)
- Cross-platform: Windows, macOS, Linux
License
MIT