🔐 SecureClaw
Cross-platform security scanner and remediation tool for Clawdbot
SecureClaw is a comprehensive security toolkit that audits and fixes common security issues in Clawdbot installations, including:
- 🔒 Credential vault management (Linux Keyring, macOS Keychain, Windows Credential Manager)
- 🛡️ Prompt injection detection
- 🔑 Plaintext secret detection
- 👤 Privilege escalation checks
- 📦 Skill supply chain security
- 🔍 Code obfuscation detection
- 📝 Security documentation generation
Installation
npm install -g secureclaw
Quick Start
Audit Mode (Scan Only)
# Auto-detect Clawdbot installation
secureclaw audit
# Scan specific path
secureclaw audit /path/to/clawdbot
Fix Mode (Scan + Remediate)
# Interactive mode (approve each fix)
secureclaw fix
# Automatic mode (apply all fixes)
secureclaw fix --auto
# Fix specific path
secureclaw fix /path/to/clawdbot --auto
Features
🔍 Security Checks (8 Categories)
- Control Panel Security - Gateway authentication, token strength, IP binding
- Prompt Injection Protection - Detects missing prompt-guard skill
- Plaintext Secrets - Finds API keys, tokens in config files
- Skill Supply Chain - Scans for malicious patterns, exfiltration domains
- Privilege Configuration - Checks for root/admin execution
- Security Documentation - Validates SECURITY.md presence
- Code Obfuscation - Detects base64, eval(), exec() usage
- Credential Encryption - Validates encryption at rest
🛠️ Automated Fixes (12 Remediation Functions)
- Generate strong gateway tokens (64+ characters)
- Create dedicated system users (principle of least privilege)
- Install prompt-guard skill
- Configure Tailscale integration
- Generate security documentation (SECURITY.md)
- Set up credential vaults (OS-native keyrings)
- Enable audit logging
🌍 Platform Support
- ✅ Linux (Debian, Ubuntu, RHEL, CentOS)
- ✅ macOS (Homebrew, native Keychain)
- ✅ Windows (WSL, Credential Manager)
Usage Examples
Basic Audit
$ secureclaw audit
Output:
╔═══════════════════════════════════════════════════════════════╗
║ SecureClaw - Clawdbot Security Suite v1.2.0 ║
╚═══════════════════════════════════════════════════════════════╝
[INFO] Running security audit...
[INFO] Target: /root/.clawdbot
SecureClaw Security Scanner v1.2.0
Platform: linux
[1/8] Checking control panel security...
[2/8] Checking prompt injection protection...
...
═══════════════════════════════════════════════════════
SECURITY ASSESSMENT COMPLETE
═══════════════════════════════════════════════════════
Findings:
Critical: 0
High: 3
Medium: 2
Low: 0
Risk Score: 21 (MODERATE)
Interactive Fix
$ secureclaw fix
Prompts for approval on each fix:
[FIX] Create dedicated clawdbot user?
This improves security by following principle of least privilege.
[Y/n]: y
✓ User 'clawdbot' created
Automatic Fix
$ secureclaw fix --auto
Applies all fixes without prompts.
Risk Scoring
SecureClaw assigns risk scores based on finding severity:
- CRITICAL: 10 points each
- HIGH: 5 points each
- MEDIUM: 2 points each
- LOW: 1 point each
Risk Levels:
- 0-10: MINIMAL
- 11-20: LOW
- 21-30: MODERATE
- 31-50: HIGH
- 51+: SEVERE
Credential Vault
SecureClaw includes a cross-platform credential vault that stores secrets in OS-native keyrings:
Linux: Linux kernel keyring (memory-only)
macOS: macOS Keychain (encrypted)
Windows: Credential Manager (DPAPI)
Manual Vault Usage
# Store credential
secureclaw vault store API_KEY "sk-xxx..."
# Retrieve credential
secureclaw vault get API_KEY
# List all stored
secureclaw vault list
# Export as environment variables
source <(secureclaw vault export)
Configuration
SecureClaw auto-detects Clawdbot installations in common paths:
- ~/.clawdbot
- /root/.clawdbot
- /opt/clawdbot
- /usr/lib/node_modules/clawdbot
- /opt/homebrew/lib/node_modules/clawdbot
Override with explicit path:
secureclaw audit /custom/path
Exit Codes
- 0: Success, no critical issues
- 1: Error during execution
- 2: Critical security issues found (audit mode)
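As listed, exit code 2 is reserved for critical findings, so a CI job that only checks the exit code will not stop on High findings. The following is an added example (not part of SecureClaw) of a gate that maps the three exit codes and also enforces a limit on the High count read from the findings summary. `AUDIT_CMD`, `MAX_HIGH` and the `sample_audit` stand-in are names introduced here, and the parser assumes the plain-text summary format shown under Basic Audit.

```bash
#!/usr/bin/env bash
# Added example, not SecureClaw code. AUDIT_CMD and MAX_HIGH are names
# introduced here; the summary format is assumed to match the README output.

# Constructed stand-in: replays the README's findings summary, exits 0.
sample_audit() {
  cat <<'EOF'
Findings:
Critical: 0
High: 3
Medium: 2
Low: 0
EOF
}

# Print the count for one severity label ("High: 3" -> 3), or nothing.
count_of() {  # $1 = label, $2 = captured audit output
  printf '%s\n' "$2" | awk -v k="$1:" '$1 == k { print $2; exit }'
}

# Returns 0 = pass, 1 = audit error or unparseable output, 2 = policy failure.
audit_gate() {  # $1 = optional Clawdbot path
  local target="${1:-}" out rc=0 high
  out="$("${AUDIT_CMD:-secureclaw}" audit ${target:+"$target"} 2>&1)" || rc=$?
  printf '%s\n' "$out"
  case "$rc" in
    0) ;;  # documented as "no critical issues"; High findings still possible
    2) echo "gate: critical findings reported" >&2; return 2 ;;
    *) echo "gate: audit did not complete (exit $rc)" >&2; return 1 ;;
  esac
  high="$(count_of High "$out")"
  case "$high" in
    ''|*[!0-9]*) echo "gate: High count not found in output" >&2; return 1 ;;
  esac
  if [ "$high" -gt "${MAX_HIGH:-0}" ]; then
    echo "gate: $high High findings exceed limit ${MAX_HIGH:-0}" >&2
    return 2
  fi
  return 0
}

# In a pipeline: MAX_HIGH=0 audit_gate /path/to/clawdbot || exit $?
```

The gate fails closed: if the summary cannot be parsed (for example because the output format changed), it returns 1 rather than passing.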
Requirements
- Node.js: v16.0.0 or higher
- Permissions: Some fixes require sudo/admin access
- Clawdbot: Compatible with Clawdbot 2024.x+
Security
Found a security issue in SecureClaw itself? Report it to: security@buguard.io
License
MIT License - see LICENSE file for details
Support
📧 Email: youssef@buguard.io
Changelog
v1.2.1 (2026-01-31)
- Removed: GitHub repository links from package metadata
- Cleaned: Package metadata for cleaner npm page
v1.2.0 (2026-01-31)
- Fixed: install_skill_monitor action now properly implemented
- Fixed: install_prompt_guard now uses ClawdHub registry (npx clawdhub@latest)
- Fixed: install_keyutils auto-retries when apt is locked (up to 3 attempts)
- Added: Real-time skill monitoring daemon (/usr/local/bin/secureclaw-monitor)
- Added: Systemd service for continuous monitoring
- Added: Auto-retry logic for apt lock conflicts
- Added: ClawdHub registry integration for skill installation
- Changed: Prompt-guard installation now uses https://www.clawhub.ai/seojoonkim/prompt-guard
v1.0.0 (2026-01-30)
- Initial release
- 8 security check categories
- 12 automated fix functions
- Cross-platform credential vault
- Interactive and automatic modes
- Risk scoring system