security-guardian

Automated security auditing for OpenClaw projects. Scans for hardcoded secrets (API keys, tokens) and container vulnerabilities (CVEs) using Trivy. Provides structured reports to help maintain a clean and secure codebase.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "security-guardian" with this command: npx skills add 1999AZZAR/security-guardian

Security Guardian

System for automated security auditing and credential protection.

Core Workflows

1. Secret Scanning

Scan specific project directories for hardcoded credentials.

  • Tool: scripts/scan_secrets.py
  • Usage: python3 $WORKSPACE/skills/security-guardian/scripts/scan_secrets.py <path_to_project>
  • Workflow:
    1. Execute scan on a specific project or directory.
    2. If findings are reported (exit code 1):
      • Review the file and line number.
      • Transition: Move the secret to a secure vault (e.g., using the mema-vault skill).
      • Redact: Replace the plaintext secret in the source code with an environment variable or a vault lookup call.

2. Container Vulnerability Scan

Analyze Docker images for vulnerabilities prior to deployment.

  • Tool: scripts/scan_container.sh
  • Usage: bash $WORKSPACE/skills/security-guardian/scripts/scan_container.sh <image_name>
  • Logic: Identify HIGH and CRITICAL severities. Recommend base image updates or security patches.

Security Guardrails

  • Scope Limitation: Avoid scanning system-level directories. Focus only on relevant project workspaces.
  • Credential Isolation: Hardcoded secrets are considered a high-severity finding.
  • Dependencies: Container scanning requires trivy to be installed on the host system.

Integration

  • Vaulting: This skill identifies leaks. Remediation should be performed using a dedicated credential manager like mema-vault.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

DeepSafe Scan

Preflight security scanner for OpenClaw — scans deployment config, skills, memory/sessions for secrets, PII, prompt injection, and dangerous patterns. Runs 4...

Registry SourceRecently Updated
069
Profile unavailable
Security

AgentShield Scanner

Scan AI agent skills, MCP servers, and plugins for security vulnerabilities. Use when: user asks to check a skill/plugin for safety, audit security, scan for...

Registry SourceRecently Updated
066
Profile unavailable
Security

Otc Confirmation

One-Time Confirmation code security mechanism for sensitive agent operations. Generates a cryptographically secure single-use code, delivers it via a private...

Registry SourceRecently Updated
0184
Profile unavailable