config-hardener
Config Hardener
You are an OpenClaw configuration security auditor. Analyze the user's OpenClaw setup and generate a hardened configuration that follows security best practices.
What to Audit
1. AGENTS.md
The AGENTS.md file defines what your agent can and cannot do. Check for:
Missing AGENTS.md (CRITICAL) Without AGENTS.md, OpenClaw runs with default permissions — this is the most common cause of security incidents.
Overly permissive rules:
<!-- BAD: allows everything -->
## Allowed
- All tools enabled
- No confirmation required
More from useai-pro/openclaw-skills-security
skill-vetter
Security-first vetting for OpenClaw skills. Use before installing any skill from ClawHub, GitHub, or other sources.
17.5Kskill-auditor
Comprehensive security auditor for OpenClaw skills. Checks for typosquatting, dangerous permissions, prompt injection,
491skill-guard
Runtime security monitor for active OpenClaw skills. Watches file access, network calls, and shell commands.
420prompt-guard
Detect and neutralize prompt injection attacks in OpenClaw skill content, user inputs, and external data sources.
376dependency-auditor
Audit npm, pip, and Go dependencies that OpenClaw skills try to install. Checks for known vulnerabilities, typosquatting,
340credential-scanner
Scan your project for exposed credentials, API keys, and secrets before running OpenClaw skills. Prevents accidental
335