Get from zero to a security score in under 5 minutes.
git clone https://github.com/X-Scale-AI/grits-agent-scanner.git
cd grits-agent-scanner
# OpenClaw
./grits-agent-scanner
# NVIDIA NemoClaw
./grits-agent-scanner --agent nemoclawNo dependencies. Python 3 stdlib only.
The scanner reads your actual config files and checks 20 things across 5 security layers. It tells you in plain language what each failure means, what you can fix now, and what needs an expert. Nothing is modified.
./grits-agent-secureShows you exactly what will change, creates a backup location, and prints the rollback command. Nothing is applied until you confirm.
./grits-agent-secure --applyThe fixer will:
- Show what it will change
- Create a full backup with a rollback command
- Ask for confirmation
- Apply only if you say yes
Covers: firewall, tool deny list, sandbox mode, file permissions, dangerous flags.
./grits-agent-scannerYour score should go up. Remaining findings are the ones that need human judgment (network segmentation, secrets architecture, identity setup, audit logging).
For the issues the auto-fixer cannot handle:
Option A: Do it yourself using the guides in apply/openclaw/ or apply/nemoclaw/.
Option B: Talk to an expert. Schedule a free 30-min call: https://xscaleai.com/consult
# Linux host (CIS Benchmark + DISA STIG)
sudo bash tools/harden.sh
# Docker host
sudo bash tools/harden-docker.shReview the configuration section at the top of each script before running.
# Terminal (default) -- color output, designed for screenshots
./grits-agent-scanner
# Markdown -- for PRs, wikis, security reports
./grits-agent-scanner --report > security-report.md
# JSON -- for dashboards, CI/CD, automation
./grits-agent-scanner --json > scan-results.jsonScored with GRITS v0.3.0 by X Scale AI https://github.com/X-Scale-AI/grits-agent-scanner | https://xscaleai.com