Skip to content
/ openclaw-audit Public

A lightweight security configuration scanner and hardening tool for OpenClaw AI agents. Designed for red teaming and securing agentic workflows.

License

View license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ca7ai/openclaw-audit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
audit.py
audit.py
 
 
harden.py
harden.py
 
 

Repository files navigation

OpenClaw Audit

Python Version License Security

OpenClaw Audit is a security configuration scanner for OpenClaw AI agents. It analyzes your openclaw.json configuration file to identify security misconfigurations that could leave your agent vulnerable to unauthorized access or remote control.

⚠️ DISCLAIMER: This tool modifies system-level configurations and file permissions. Use at your own risk. The author is not responsible for any data loss, system instability, or locked-out accounts. Always test in a non-production environment first.

Supported Platforms

  • Linux (Ubuntu, Debian, Fedora, CentOS, etc.) - ✅ Full Support
  • macOS - ✅ Full Support
  • Windows (10/11) - ⚠️ Partial Support
    • Note: File permission automation (chmod 600) is not available on Windows. The tool will skip this check and provide instructions for manual verification via File Explorer.

Tools Included

1. audit.py - Security Scanner

Non-destructive scanner that reports vulnerabilities.

2. harden.py - Automated Hardening

Interactive script that fixes vulnerabilities found by the auditor.

  • Backs up your config (.json.bak.security) before touching it.
  • Locks down file permissions (chmod 600) (Linux/macOS).
  • Binds Gateway to localhost.
  • Enables Token Authentication (and generates strong tokens).
  • Sets Channel Policies to pairing (prevents random DM access).

Installation

To get started, clone the repository and navigate into the project directory.

# Clone the repository
git clone https://github.com/ca7ai/openclaw-audit.git

# Enter the directory
cd openclaw-audit

## Usage

No external dependencies required. Runs with standard Python 3.

### Audit Mode (Check Only)
```bash
python3 audit.py

Hardening Mode (Fix Issues)

python3 harden.py

Follow the interactive prompts to apply fixes.

Example Output

openclaw-audit

Security Recommendations

  • Gateway Binding: Never bind to 0.0.0.0 unless you are behind a VPN.
  • Authentication: Ensure the Gateway has a strong token.
  • Channel Policy: Use pairing or allowlist. open policies allow strangers to use your bot.
  • API Keys: Use environment variables, not hardcoded keys in openclaw.json.

⚠️ A Note on exec (Shell Access)

This tool audits your configuration, not your capabilities. If your bot has the exec tool enabled (which allows running shell commands), you must ensure your Channel Policies are strict (allowlist).

  • Risk: If exec is on + Channel is open = Anyone can delete your files.
  • Check: Look in your tools/ directory. If exec is present, be extra careful.

Acknowledgments

This tool is designed to support the OpenClaw Project. Special thanks to the OpenClaw contributors for creating a powerful, MIT-licensed framework for AI agents.

License

This project is Source Available under the PolyForm Noncommercial License 1.0.0.

✅ Permitted: Personal use, research, hobby projects, and non-commercial organizations.

❌ Prohibited: Any use with an anticipated commercial application without explicit permission from the author.

About

A lightweight security configuration scanner and hardening tool for OpenClaw AI agents. Designed for red teaming and securing agentic workflows.

Topics

ai-security ai-agent ai-audit clawdbot moltbot openclaw

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages