JSPM

  • Downloads 59
  • License MIT

Security scanner and remediation tool for OpenClaw/Clawdbot - 33+ checks, tier-based fixing, SARIF/HTML/JSON output, zero-trust tunnel detection

Package Exports

  • secureclaw
  • secureclaw/index.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (secureclaw) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

🔐 SecureClaw

Cross-platform security scanner and remediation tool for OpenClaw / Clawdbot

SecureClaw is a comprehensive security toolkit that audits and fixes security issues in OpenClaw and Clawdbot installations. It runs 33+ checks across 18 categories, auto-fixes config-level issues, and organizes findings into severity tiers (T1-T4) so you can prioritize what matters most.

  • 🔒 Credential protection (file permissions, ownership hardening)
  • 🛡️ Prompt injection detection
  • 🔑 Plaintext secret detection
  • 👤 Privilege escalation checks
  • 📦 Skill supply chain security
  • 🔍 Code obfuscation detection
  • 📝 Security documentation generation
  • 🌐 Zero-trust tunnel detection (Tailscale, Cloudflare Tunnel)
  • 🧩 OpenClaw-specific checks (commands, sandbox, plugins, agents, hooks)

Installation

npm install -g secureclaw

Zero npm dependencies. Requires Node >= 18.

Quick Start

Audit Mode (Scan Only)

# Auto-detect OpenClaw/Clawdbot installation
secureclaw audit

# Scan specific path
secureclaw audit /path/to/openclaw

# Output as JSON, SARIF, or HTML
secureclaw audit --format json --output report.json
secureclaw audit --format sarif --output report.sarif
secureclaw audit --format html --output report.html

# Filter by minimum severity
secureclaw audit --severity high

Fix Mode (Scan + Remediate)

# Interactive mode (approve each fix)
secureclaw fix

# Automatic mode (apply all fixes)
secureclaw fix --auto

# Fix only critical-tier issues
secureclaw fix --auto --tier T1

# Fix critical + high-risk issues
secureclaw fix --auto --tier T2

Summary Mode

# Quick overview without full scan output
secureclaw summary

Features

🔍 Security Checks (18 Categories, 33+ Checks)

  1. Control Panel Security - Gateway authentication, token strength, IP binding, zero-trust tunnel detection
  2. Prompt Injection Protection - Detects missing prompt-guard skill
  3. Plaintext Secrets - Finds API keys, tokens in config files
  4. Skill Supply Chain - Scans for malicious patterns, exfiltration domains
  5. Privilege Configuration - Checks for root/admin execution
  6. Security Documentation - Validates SECURITY.md presence
  7. Code Obfuscation - Detects base64, eval(), exec() usage
  8. Credential Encryption - Validates encryption at rest
  9. Browser Control Exposure - RCE risk, JavaScript evaluation
  10. Filesystem Permissions - World-readable configs
  11. DM Pairing - Open DM policy, session isolation
  12. Group Mention Gating - Group chat attack surface
  13. Model Provider Privacy - Data retention warnings
  14. Tool Policy Enforcement - Unrestricted tools, elevated permissions
  15. Incident Response - Audit logging, log redaction
  16. MCP Server Security - Tool poisoning detection
  17. Advanced Features - Shell commands, config editing, debug mode, webhooks, sandbox, plugins, agent-to-agent messaging
  18. OpenClaw-Specific - Tailscale Funnel, insecure auth, context segregation

🏷️ Severity Tiers

Findings are organized into four tiers for prioritized remediation:

| Tier | Name | Description | Examples |
|------|------|-------------|----------|
| T1 | Critical Exposure | Immediate remote exploitation risk | No gateway auth, shell commands in chat, public Tailscale Funnel |
| T2 | High Risk | Significant security gaps | No context segregation, debug commands enabled, no plugin allowlist |
| T3 | Hardening | Defense-in-depth improvements | Sandbox read-write access, network-enabled containers, browser JS eval |
| T4 | Best Practice | Operational maturity | Log redaction patterns, session isolation, elevated tool restrictions |

🛠️ Automated Fixes (25+ Remediation Actions)

  • Generate strong gateway tokens (64-char cryptographic)
  • Generate webhook authentication tokens
  • Disable dangerous chat commands (bash, config, debug, restart)
  • Disable agent-to-agent messaging
  • Set sandbox workspace to read-only
  • Isolate sandbox network (set to none)
  • Disable shell environment sourcing
  • Disable Tailscale Funnel (switch to serve mode)
  • Configure Tailscale zero-trust networking
  • Setup Cloudflare Tunnel (cloudflared)
  • Install prompt-guard skill
  • Enable context segregation
  • Generate security documentation (SECURITY.md)
  • Secure credentials (chmod 600 + ownership hardening)
  • Enable audit logging

📊 Output Formats

| Format | Flag | Use Case |
|--------|------|----------|
| Text | --format text | Terminal output (default) |
| JSON | --format json | Programmatic consumption, CI/CD |
| SARIF | --format sarif | GitHub Code Scanning integration |
| HTML | --format html | Shareable reports with inline CSS |

🌍 Platform Support

  • Linux (Debian, Ubuntu, RHEL, CentOS)
  • macOS (Homebrew)
  • Windows (WSL)

Non-Root Support

17 out of 20 auto-fix actions work without root/sudo. When a fix fails due to permissions, SecureClaw shows a boxed copy-paste command:

[ERROR] Permission denied: Install Tailscale

  ┌─ Manual fix (copy & paste) ──────────────────────
  │ curl -fsSL https://tailscale.com/install.sh | sh && sudo tailscale up
  └─────────────────────────────────────────────────

Commands are platform-aware (Linux gets apt/curl, macOS gets brew). Config edits use node -e one-liners since Node.js is guaranteed present.

Usage Examples

Basic Audit

$ secureclaw audit ~/.openclaw

Output:

╔═══════════════════════════════════════════════════════════════╗
║   SecureClaw - Clawdbot Security Suite              v1.5.0  ║
╚═══════════════════════════════════════════════════════════════╝

[INFO] Running security audit...
[INFO] Target: /home/user/.openclaw

SecureClaw Security Scanner v1.5.0
Platform: linux

[1/18] Checking Control panel security...
[2/18] Checking Prompt injection protection...
...
[17/18] Checking Advanced features...
[18/18] Checking OpenClaw-specific security...

═══════════════════════════════════════════════════════
SECURITY ASSESSMENT COMPLETE
═══════════════════════════════════════════════════════

Findings:
  Critical: 5
  High:     14
  Medium:   9
  Low:      3

Risk Score: 141 (SEVERE)

Tier-Based Fix

# Fix only T1 (critical exposure) issues first
$ secureclaw fix --auto --tier T1

Tier filter: T1 (showing T1)
Fixable issues: 7/31

[SUCCESS] Gateway token updated (xjQMc1rL...)
[SUCCESS] Set gateway.tailscale.mode = "serve"
[SUCCESS] Webhook token generated (RUQQ4Y49...)
[SUCCESS] Set commands.bash = false

Fixed:   4
Failed:  3  (require sudo/system access)

Interactive Fix

$ secureclaw fix

Prompts for approval on each fix:

═══════════════════════════════════════════════════════
Finding 1/31
═══════════════════════════════════════════════════════
Severity: CRITICAL
Tier: T1
Title: Shell commands enabled in chat via ! prefix

[FIX] Setting commands.bash = false...
Apply this fix? [Y/n]: y

[SUCCESS] Set commands.bash = false

SARIF for GitHub Code Scanning

$ secureclaw audit --format sarif --output results.sarif
# Upload to GitHub via: gh api repos/OWNER/REPO/code-scanning/sarifs

Risk Scoring

SecureClaw assigns risk scores based on finding severity:

  • CRITICAL: 10 points each
  • HIGH: 5 points each
  • MEDIUM: 2 points each
  • LOW: 1 point each

Risk Levels:

  • 0-10: MINIMAL
  • 11-20: LOW
  • 21-30: MODERATE
  • 31-50: HIGH
  • 51+: SEVERE

Configuration

SecureClaw auto-detects OpenClaw and Clawdbot installations. When you provide a target path, it searches the target first, then falls back to the home directory:

Search order (first match wins):
  1. <target>/.openclaw/openclaw.json     ← Docker/container installs
  2. <target>/openclaw.json
  3. <target>/.clawdbot/clawdbot.json
  4. <target>/config.json
  5. <target>/clawdbot.json
  6. ~/.openclaw/openclaw.json             ← Home directory fallback
  7. ~/.clawdbot/clawdbot.json

When no target path is given, auto-detection checks:

  • ~/.openclaw
  • ~/.clawdbot
  • /opt/clawdbot
  • Common Node.js global module paths

Override with explicit path:

secureclaw audit /custom/path

Config File

Create .secureclawrc.json in your project root to set defaults:

{
  "format": "json",
  "severity": "medium",
  "tier": "T2",
  "ignore": ["no-security-md", "no-audit-log"],
  "output": "secureclaw-report.json"
}

Exit Codes

  • 0: Success, no critical issues
  • 1: Error during execution
  • 2: Critical security issues found (audit mode)

Requirements

  • Node.js: v18.0.0 or higher
  • Permissions: Some fixes require sudo/admin access
  • OpenClaw/Clawdbot: Compatible with OpenClaw 2026.x+ and Clawdbot 2024.x+

Security

Found a security issue in SecureClaw itself? Report it to: security@buguard.io

License

MIT License - see LICENSE file for details

Support

📧 Email: youssef@buguard.io

Changelog

See CHANGELOG.md for the full version history.

v1.5.0 (2026-02-01)

  • Config detection searches target path first, home directory as fallback
  • Scanner checks <target>/.openclaw/openclaw.json (Docker/container layouts)
  • Filesystem permissions and vault checks use detected config path
  • 88 tests

v1.4.0 (2026-02-01)

  • Platform-aware copy-paste manual fix commands in error output
  • Removed non-existent dependencies (clawdbot-keyutils, universal-vault.sh)
  • All external references verified against live registries
  • Credential protection via file permissions instead of fake vault tools
  • Non-root support: 17/20 fixes work without sudo

v1.3.0 (2026-01-31)

See CHANGELOG.md for full history.