SkillHub

aoi-openclaw-security-toolkit-core

v0.1.6

Fail-closed OpenClaw security toolkit (public-safe). Use to prevent accidental or unexpected data leakage by running local-only checks: default-deny allowlists, lightweight secret/token scans, egress-risk pattern scans, and prompt/document injection pattern scans. Use when preparing GitHub/ClawHub p...

Sourced from ClawHub, Authored by edmonddantesj

Installation

Please help me install the skill `aoi-openclaw-security-toolkit-core` from SkillHub official store. npx skills add edmonddantesj/aoi-openclaw-security-toolkit-core

AOI OpenClaw Security Toolkit (Core)

Why: Prevent “one bad commit” incidents (accidental file leakage + secret exposure) with a fast, local-only, fail-closed check. When: Before committing/pushing, before publishing a skill, and when reviewing scripts/skills for unexpected egress behavior. How: Run a single command to get PASS/WARN/BLOCK and an optional redaction-safe report. Scope: Detection + reporting only (no auto-fix, no uploads, no auto-posting). Quickstart: openclaw-sec check --preset repo --diff staged

This is a public-safe toolkit skill.

  • Does: detect + report risks (PASS/WARN/BLOCK)
  • Does NOT: auto-fix, auto-upload, auto-post, or exfiltrate data

CLI

Binary: openclaw-sec

Common:

openclaw-sec check --lang en
openclaw-sec check --lang ko
openclaw-sec scan-secrets
openclaw-sec scan-egress
openclaw-sec scan-prompt --file inbound.txt

Exit codes: - 0 PASS - 1 WARN - 2 BLOCK

Default scan scope

If --paths is omitted, it scans existing paths among: - . - skills/ - scripts/ - context/

Rules

Rule files live in rules/: - secret_patterns.txt - egress_patterns.txt - prompt_injection_patterns.txt

Edit these to tune sensitivity.