SecurityClaw is a security-focused OpenClaw skill scanner. It inspects skills for risky patterns, scores findings, recommends actions (allow, review, quarantine), and supports continuous monitoring.
Copy-paste one-shot install:
npx github:mallen-lbx/SecurityClaw installCopy-paste global install:
npm i -g github:mallen-lbx/SecurityClaw
securityclaw install- Scans OpenClaw third-party/custom skills for command execution, network egress, prompt injection markers, sensitive path usage, and install-hook risk indicators.
- Produces evidence-based reports with file/line proof.
- Creates an ELI5 removal summary when quarantine candidates exist.
- Supports owner-driven decisions:
Delete,Report,Allow,Scan all. - Sends notifications (Telegram, webhook, or stdout fallback).
- Watches for new/changed skills and scans automatically.
- Maintains monthly scan logs.
- SecurityClaw itself should be omitted from routine target-skill testing scope to avoid self-referential scanner hits.
For normal security reviews, scan the skills you want to audit and exclude securityclaw-skill from your target test set.
If securityclaw-skill is in the same directory, allowlist it in ~/.openclaw/securityclaw-allowlist.json for routine scans.
This repo is public and installable directly from GitHub.
npx github:mallen-lbx/SecurityClaw installnpm i -g github:mallen-lbx/SecurityClaw
securityclaw install- Copies the skill to
~/.openclaw/skills/securityclaw-skill. - Installs persistent auto-scan scheduler:
- macOS:
launchdlabelcom.openclaw.securityclaw.watch - Linux:
systemd --userservicesecurityclaw-watch.service
- macOS:
- If Linux scheduler dependency is missing, installer:
- warns during installation,
- shows an install command,
- offers to install it automatically.
Run a one-time scan:
securityclaw scan --skills-dir ~/.openclaw/skillsEquivalent direct Python command:
python3 ~/.openclaw/skills/securityclaw-skill/scripts/securityclaw_scan.py --skills-dir ~/.openclaw/skillsSecurityClaw watch mode scans new or changed skills automatically.
- Scheduler starts watch mode at login/user session.
- Watch mode writes report files only when findings require
revieworquarantine. - Watch mode always notifies when a new skill is scanned.
Direct watch command:
securityclaw scan --skills-dir ~/.openclaw/skills --watch --watch-scan-on-startAll outputs are under:
~/.openclaw/SecurityClaw_Scans
- JSON:
Security_Scan-(MM)-(DD)-(YYYY)-(scan number).json - Markdown:
Security_Scan-(MM)-(DD)-(YYYY)-(scan number).md - ELI5 (only for quarantine candidates):
Security_Scan-(MM)-(DD)-(YYYY)-(scan number)-ELI5.md
Example:
Security_Scan-02-06-2026-001.md
When quarantine candidates exist, Markdown report includes Quarantine Evidence (4 findings each) with proof entries (rule, file, line, context, confidence, excerpt).
- Directory:
~/.openclaw/SecurityClaw_Scans/Scan_Logs - File pattern:
<Month>.log(example:April.log) - Per-scan line format:
scan completed 04-06-26 12:00:00
Notification config path:
~/.openclaw/securityclaw-notify.json
Template:
skills/securityclaw-skill/references/notification.example.json
Supported channels:
telegramwebhookstdout
If no working notification channel is configured, SecurityClaw prints a stdout fallback message so users are still notified.
- Allowlist template:
skills/securityclaw-skill/references/allowlist.example.json
- Notification template:
skills/securityclaw-skill/references/notification.example.json
Default runtime config paths:
- Allowlist:
~/.openclaw/securityclaw-allowlist.json - Notifications:
~/.openclaw/securityclaw-notify.json
- Enumerate skill directories.
- Hash each skill for stable identity.
- Run context-aware static checks.
- Apply allowlist suppression (if configured).
- Compute severity, confidence, risk score, and recommendation.
- On
quarantinerecommendation, include 4 proof findings. - Save reports (based on report mode), create ELI5 summary when needed.
- Send notifications.
- Append monthly scan log entry.
Check status:
launchctl print gui/$(id -u)/com.openclaw.securityclaw.watchRestart:
launchctl kickstart -k gui/$(id -u)/com.openclaw.securityclaw.watchCheck status:
systemctl --user status securityclaw-watch.serviceRestart:
systemctl --user restart securityclaw-watch.serviceEnable at login/session:
systemctl --user enable --now securityclaw-watch.serviceOptional (run after logout too):
loginctl enable-linger $USER- Use one-shot install:
npx github:mallen-lbx/SecurityClaw install - If globally installed, ensure npm global bin is in
PATH.
- Install Python 3 and rerun install.
- You can set a specific interpreter:
securityclaw install --python-bin /usr/bin/python3- Installer will notify and print an install command.
- Re-run installer after dependency install.
- Manual fallback:
securityclaw scan --skills-dir ~/.openclaw/skills --watch --watch-scan-on-start- This is expected when there are no
review/quarantinefindings. - Check monthly scan logs for scan activity.
- Validate
~/.openclaw/securityclaw-notify.json. - Even with broken channels, stdout fallback notification is emitted.
- Add allowlist entries for approved skills/rules.
- Re-scan and review
suppressedFindingsin JSON report.
skills/securityclaw-skill/- skill package and scanner scriptsskills/securityclaw-skill/scripts/securityclaw_scan.py- core scannerskills/securityclaw-skill/scripts/install_securityclaw.py- scheduler installer (launchd/systemd)bin/securityclaw.js- npm CLI wrapper (install,scan)handoff/- product/spec/prompt handoff artifactsdocs/plans/- execution plans
If you want to modify or extend SecurityClaw, start with the handoff/ folder. It contains PRD/spec/prompt materials intended to help continue development with full context.
MIT (see LICENSE).