🔐 SecureClaw

Cross-platform security scanner and remediation tool for OpenClaw / Clawdbot

SecureClaw is a comprehensive security toolkit that audits and fixes security issues in OpenClaw and Clawdbot installations. It runs 33+ checks across 18 categories, auto-fixes config-level issues, and organizes findings into severity tiers (T1-T4) so you can prioritize what matters most.

- 🔒 Credential protection (file permissions, ownership hardening)
- 🛡️ Prompt injection detection
- 🔑 Plaintext secret detection
- 👤 Privilege escalation checks
- 📦 Skill supply chain security
- 🔍 Code obfuscation detection
- 📝 Security documentation generation
- 🌐 Zero-trust tunnel detection (Tailscale, Cloudflare Tunnel)
- 🧩 OpenClaw-specific checks (commands, sandbox, plugins, agents, hooks)

Installation

``bash npm install -g secureclaw`

Zero npm dependencies. Requires Node >= 18.

`Quick Start`

`$3`

`bash

`Auto-detect OpenClaw/Clawdbot installation`


secureclaw audit
Scan specific path

secureclaw audit /path/to/openclaw
Output as JSON, SARIF, or HTML

secureclaw audit --format json --output report.json
secureclaw audit --format sarif --output report.sarif
secureclaw audit --format html --output report.html
Filter by minimum severity

secureclaw audit --severity high

$3

`bash

`Interactive mode (approve each fix)`


secureclaw fix
Automatic mode (apply all fixes)

secureclaw fix --auto
Fix only critical-tier issues

secureclaw fix --auto --tier T1
Fix critical + high-risk issues

secureclaw fix --auto --tier T2

$3

`bash

`Quick overview without full scan output`


secureclaw summary


Features
$3
1. Control Panel Security - Gateway authentication, token strength, IP binding, zero-trust tunnel detection
2. Prompt Injection Protection - Detects missing prompt-guard skill
3. Plaintext Secrets - Finds API keys, tokens in config files
4. Skill Supply Chain - Scans for malicious patterns, exfiltration domains
5. Privilege Configuration - Checks for root/admin execution
6. Security Documentation - Validates SECURITY.md presence
7. Code Obfuscation - Detects base64, eval(), exec() usage
8. Credential Encryption - Validates encryption at rest
9. Browser Control Exposure - RCE risk, JavaScript evaluation
10. Filesystem Permissions - World-readable configs
11. DM Pairing - Open DM policy, session isolation
12. Group Mention Gating - Group chat attack surface
13. Model Provider Privacy - Data retention warnings
14. Tool Policy Enforcement - Unrestricted tools, elevated permissions
15. Incident Response - Audit logging, log redaction
16. MCP Server Security - Tool poisoning detection
17. Advanced Features - Shell commands, config editing, debug mode, webhooks, sandbox, plugins, agent-to-agent messaging
18. OpenClaw-Specific - Tailscale Funnel, insecure auth, context segregation
$3
Findings are organized into four tiers for prioritized remediation:
| Tier | Name | Description | Examples |
|------|------|-------------|----------|
| T1 | Critical Exposure | Immediate remote exploitation risk | No gateway auth, shell commands in chat, public Tailscale Funnel |
| T2 | High Risk | Significant security gaps | No context segregation, debug commands enabled, no plugin allowlist |
| T3 | Hardening | Defense-in-depth improvements | Sandbox read-write access, network-enabled containers, browser JS eval |
| T4 | Best Practice | Operational maturity | Log redaction patterns, session isolation, elevated tool restrictions |
$3

- Generate strong gateway tokens (64-char cryptographic) - Generate webhook authentication tokens - Disable dangerous chat commands (bash, config, debug, restart) - Disable agent-to-agent messaging - Set sandbox workspace to read-only - Isolate sandbox network (set tonone) - Disable shell environment sourcing - Disable Tailscale Funnel (switch toservemode) - Configure Tailscale zero-trust networking - Setup Cloudflare Tunnel (cloudflared) - Install prompt-guard skill - Enable context segregation - Generate security documentation (SECURITY.md) - Secure credentials (chmod 600 + ownership hardening) - Enable audit logging

`$3`

| Format | Flag | Use Case | |--------|------|----------| | Text |--format text| Terminal output (default) | | JSON |--format json| Programmatic consumption, CI/CD | | SARIF |--format sarif| GitHub Code Scanning integration | | HTML |--format html | Shareable reports with inline CSS |

`$3`

- ✅ Linux (Debian, Ubuntu, RHEL, CentOS) - ✅ macOS (Homebrew) - ✅ Windows (WSL)

`$3`

17 out of 20 auto-fix actions work without root/sudo. When a fix fails due to permissions, SecureClaw shows a boxed copy-paste command:

`[ERROR] Permission denied: Install Tailscale

┌─ Manual fix (copy & paste) ────────────────────── │ curl -fsSL https://tailscale.com/install.sh | sh && sudo tailscale up └─────────────────────────────────────────────────`

Commands are platform-aware (Linux gets apt/curl, macOS gets brew). Config edits use node -e one-liners since Node.js is guaranteed present.

`Usage Examples`

`$3`

`bash $ secureclaw audit ~/.openclaw`

Output:`╔═══════════════════════════════════════════════════════════════╗ ║ SecureClaw - Clawdbot Security Suite v1.5.0 ║ ╚═══════════════════════════════════════════════════════════════╝

[INFO] Running security audit... [INFO] Target: /home/user/.openclaw

SecureClaw Security Scanner v1.5.0 Platform: linux

[1/18] Checking Control panel security... [2/18] Checking Prompt injection protection... ... [17/18] Checking Advanced features... [18/18] Checking OpenClaw-specific security...

═══════════════════════════════════════════════════════ SECURITY ASSESSMENT COMPLETE ═══════════════════════════════════════════════════════

Findings: Critical: 5 High: 14 Medium: 9 Low: 3

Risk Score: 141 (SEVERE)`

`$3`

`bash

`Fix only T1 (critical exposure) issues first`


$ secureclaw fix --auto --tier T1
Tier filter: T1 (showing T1)
Fixable issues: 7/31
[SUCCESS] Gateway token updated (xjQMc1rL...)
[SUCCESS] Set gateway.tailscale.mode = "serve"
[SUCCESS] Webhook token generated (RUQQ4Y49...)
[SUCCESS] Set commands.bash = false

Fixed: 4 Failed: 3 (require sudo/system access)`

`$3`

`bash $ secureclaw fix`

Prompts for approval on each fix:`═══════════════════════════════════════════════════════ Finding 1/31 ═══════════════════════════════════════════════════════ Severity: CRITICAL Tier: T1 Title: Shell commands enabled in chat via ! prefix

[FIX] Setting commands.bash = false... Apply this fix? [Y/n]: y

[SUCCESS] Set commands.bash = false`

`$3`

`bash $ secureclaw audit --format sarif --output results.sarif

`Upload to GitHub via: gh api repos/OWNER/REPO/code-scanning/sarifs`


Risk Scoring
SecureClaw assigns risk scores based on finding severity:
- CRITICAL: 10 points each
- HIGH: 5 points each
- MEDIUM: 2 points each
- LOW: 1 point each

Risk Levels: -0-10: MINIMAL -11-20: LOW -21-30: MODERATE -31-50: HIGH -51+: SEVERE

`Configuration`

SecureClaw auto-detects OpenClaw and Clawdbot installations. When you provide a target path, it searches the target first, then falls back to the home directory:

`Search order (first match wins): 1. /.openclaw/openclaw.json ← Docker/container installs 2. /openclaw.json 3. /.clawdbot/clawdbot.json 4. /config.json 5. /clawdbot.json 6. ~/.openclaw/openclaw.json ← Home directory fallback 7. ~/.clawdbot/clawdbot.json`

When no target path is given, auto-detection checks: -~/.openclaw-~/.clawdbot-/opt/clawdbot- Common Node.js global module paths

Override with explicit path:`bash secureclaw audit /custom/path`

`$3`

Create .secureclawrc.json in your project root to set defaults:

`json { "format": "json", "severity": "medium", "tier": "T2", "ignore": ["no-security-md", "no-audit-log"], "output": "secureclaw-report.json" }`

`Exit Codes`

- 0: Success, no critical issues -1: Error during execution -2: Critical security issues found (audit mode)

`Requirements`

- Node.js: v18.0.0 or higher - Permissions: Some fixes require sudo/admin access - OpenClaw/Clawdbot: Compatible with OpenClaw 2026.x+ and Clawdbot 2024.x+

`Security`

Found a security issue in SecureClaw itself? Report it to: security@buguard.io

`License`

MIT License - see LICENSE file for details

`Support`

📧 Email: youssef@buguard.io

`Changelog`

See CHANGELOG.md for the full version history.

`$3`

- Config detection searches target path first, home directory as fallback - Scanner checks/.openclaw/openclaw.json` (Docker/container layouts)
- Filesystem permissions and vault checks use detected config path
- 88 tests

$3

- Platform-aware copy-paste manual fix commands in error output
- Removed non-existent dependencies (clawdbot-keyutils, universal-vault.sh)
- All external references verified against live registries
- Credential protection via file permissions instead of fake vault tools
- Non-root support: 17/20 fixes work without sudo

$3

See CHANGELOG.md for full history.

🔐 SecureClaw

Cross-platform security scanner and remediation tool for OpenClaw / Clawdbot

Installation

``bash npm install -g secureclaw`

Zero npm dependencies. Requires Node >= 18.

`Quick Start`

`$3`

`bash

`Auto-detect OpenClaw/Clawdbot installation`


secureclaw audit
Scan specific path

secureclaw audit /path/to/openclaw
Output as JSON, SARIF, or HTML

secureclaw audit --format json --output report.json
secureclaw audit --format sarif --output report.sarif
secureclaw audit --format html --output report.html
Filter by minimum severity

secureclaw audit --severity high

$3

`bash

`Interactive mode (approve each fix)`


secureclaw fix
Automatic mode (apply all fixes)

secureclaw fix --auto
Fix only critical-tier issues

secureclaw fix --auto --tier T1
Fix critical + high-risk issues

secureclaw fix --auto --tier T2

$3

`bash

`Quick overview without full scan output`


secureclaw summary


Features
$3
1. Control Panel Security - Gateway authentication, token strength, IP binding, zero-trust tunnel detection
2. Prompt Injection Protection - Detects missing prompt-guard skill
3. Plaintext Secrets - Finds API keys, tokens in config files
4. Skill Supply Chain - Scans for malicious patterns, exfiltration domains
5. Privilege Configuration - Checks for root/admin execution
6. Security Documentation - Validates SECURITY.md presence
7. Code Obfuscation - Detects base64, eval(), exec() usage
8. Credential Encryption - Validates encryption at rest
9. Browser Control Exposure - RCE risk, JavaScript evaluation
10. Filesystem Permissions - World-readable configs
11. DM Pairing - Open DM policy, session isolation
12. Group Mention Gating - Group chat attack surface
13. Model Provider Privacy - Data retention warnings
14. Tool Policy Enforcement - Unrestricted tools, elevated permissions
15. Incident Response - Audit logging, log redaction
16. MCP Server Security - Tool poisoning detection
17. Advanced Features - Shell commands, config editing, debug mode, webhooks, sandbox, plugins, agent-to-agent messaging
18. OpenClaw-Specific - Tailscale Funnel, insecure auth, context segregation
$3
Findings are organized into four tiers for prioritized remediation:
| Tier | Name | Description | Examples |
|------|------|-------------|----------|
| T1 | Critical Exposure | Immediate remote exploitation risk | No gateway auth, shell commands in chat, public Tailscale Funnel |
| T2 | High Risk | Significant security gaps | No context segregation, debug commands enabled, no plugin allowlist |
| T3 | Hardening | Defense-in-depth improvements | Sandbox read-write access, network-enabled containers, browser JS eval |
| T4 | Best Practice | Operational maturity | Log redaction patterns, session isolation, elevated tool restrictions |
$3

`$3`

- ✅ Linux (Debian, Ubuntu, RHEL, CentOS) - ✅ macOS (Homebrew) - ✅ Windows (WSL)

`$3`

17 out of 20 auto-fix actions work without root/sudo. When a fix fails due to permissions, SecureClaw shows a boxed copy-paste command:

`[ERROR] Permission denied: Install Tailscale

Commands are platform-aware (Linux gets apt/curl, macOS gets brew). Config edits use node -e one-liners since Node.js is guaranteed present.

`Usage Examples`

`$3`

`bash $ secureclaw audit ~/.openclaw`

[INFO] Running security audit... [INFO] Target: /home/user/.openclaw

SecureClaw Security Scanner v1.5.0 Platform: linux

[1/18] Checking Control panel security... [2/18] Checking Prompt injection protection... ... [17/18] Checking Advanced features... [18/18] Checking OpenClaw-specific security...

Findings: Critical: 5 High: 14 Medium: 9 Low: 3

Risk Score: 141 (SEVERE)`

`$3`

`bash

`Fix only T1 (critical exposure) issues first`


$ secureclaw fix --auto --tier T1
Tier filter: T1 (showing T1)
Fixable issues: 7/31
[SUCCESS] Gateway token updated (xjQMc1rL...)
[SUCCESS] Set gateway.tailscale.mode = "serve"
[SUCCESS] Webhook token generated (RUQQ4Y49...)
[SUCCESS] Set commands.bash = false

Fixed: 4 Failed: 3 (require sudo/system access)`

`$3`

`bash $ secureclaw fix`

[FIX] Setting commands.bash = false... Apply this fix? [Y/n]: y

[SUCCESS] Set commands.bash = false`

`$3`

`bash $ secureclaw audit --format sarif --output results.sarif

`Upload to GitHub via: gh api repos/OWNER/REPO/code-scanning/sarifs`


Risk Scoring
SecureClaw assigns risk scores based on finding severity:
- CRITICAL: 10 points each
- HIGH: 5 points each
- MEDIUM: 2 points each
- LOW: 1 point each

Risk Levels: -0-10: MINIMAL -11-20: LOW -21-30: MODERATE -31-50: HIGH -51+: SEVERE

`Configuration`

SecureClaw auto-detects OpenClaw and Clawdbot installations. When you provide a target path, it searches the target first, then falls back to the home directory:

When no target path is given, auto-detection checks: -~/.openclaw-~/.clawdbot-/opt/clawdbot- Common Node.js global module paths

Override with explicit path:`bash secureclaw audit /custom/path`

`$3`

Create .secureclawrc.json in your project root to set defaults:

`json { "format": "json", "severity": "medium", "tier": "T2", "ignore": ["no-security-md", "no-audit-log"], "output": "secureclaw-report.json" }`

`Exit Codes`

- 0: Success, no critical issues -1: Error during execution -2: Critical security issues found (audit mode)

`Requirements`

- Node.js: v18.0.0 or higher - Permissions: Some fixes require sudo/admin access - OpenClaw/Clawdbot: Compatible with OpenClaw 2026.x+ and Clawdbot 2024.x+

`Security`

Found a security issue in SecureClaw itself? Report it to: security@buguard.io

`License`

MIT License - see LICENSE file for details

`Support`

📧 Email: youssef@buguard.io

`Changelog`

See CHANGELOG.md for the full version history.

`$3`

$3

See CHANGELOG.md for full history.