config-encryption-auditor
Config Encryption Auditor
What it does
OpenClaw stores configuration in ~/.openclaw/ — API keys, channel tokens, provider credentials. By default, these are plaintext YAML or JSON files readable by any process on your machine.
OpenLobster solved this with AES-GCM encrypted config files. We can't change OpenClaw's config format, but we can audit it — scanning for exposed secrets, flagging unencrypted credential files, and suggesting migrations to environment variables or encrypted vaults.
When to invoke
- Automatically, every Sunday at 9am (cron)
- After initial OpenClaw setup
- Before deploying to shared infrastructure
- After any config change that adds new API keys
Checks performed
| Check | Severity | What it detects |
|---|---|---|