The missing security layer for your OpenClaw installation.
Audit. Monitor. Protect. All from one tool.
Quick Start • Why This Tool • Features • Dashboard • CLI • Contributing
Built by Miloud Belarebia at 2PiData — for the OpenClaw community.
Upstream integration: The core runtime guardrails from this tool are being integrated as an official OpenClaw extension — see PR #17273 and Discussion #17275. This standalone CLI tool will continue to be maintained for additional features (dashboard, secrets scanning, auto-hardening, dependency auditing).
You installed OpenClaw. It works great. But ask yourself:
- Are your API keys exposed in config files or skills?
- Is your sandbox mode properly configured?
- Do your MCP servers come from verified sources?
- Could a prompt injection be hiding in your workspace files?
- Are your npm dependencies free of known vulnerabilities?
If you're not sure, you need this tool.
# Install globally
npm install -g openclaw-security-guard
# Run your first audit
openclaw-guard audit
# Fix issues automatically
openclaw-guard fix --auto
# Launch the live dashboard
openclaw-guard dashboard30 seconds. That's all it takes to know your security posture.
There are other security tools in the OpenClaw ecosystem. Here's how they compare:
Built-in security audit |
ClawSec | OpenClaw Shield | Security Guard | |
|---|---|---|---|---|
| Secrets scanning (API keys, tokens) | Basic | Yes | Yes | 15+ formats + entropy |
| Config hardening & auto-fix | No | Partial | Partial | Full auto-fix, 3 modes |
| Prompt injection detection | No | No | Basic | 50+ patterns |
| MCP server verification | No | No | No | Allowlist-based |
| npm dependency scanning | No | No | No | Yes |
| Live web dashboard | No | No | No | Real-time scoring |
| API cost monitoring | No | No | No | Daily/monthly |
| Pre-commit hooks | No | No | No | Yes |
| Multi-language (EN/FR/AR) | No | No | No | Yes |
| Zero telemetry guaranteed | Unknown | Unknown | Unknown | 100% local |
Security Guard doesn't replace these tools. It fills the gaps they leave.
| Scanner | What it catches |
|---|---|
| Secrets Scanner | API keys, tokens, passwords, private keys, webhook URLs. Uses pattern matching + Shannon entropy analysis. |
| Config Auditor | Weak sandbox mode, open DM policy, public gateway binding, disabled rate limiting, elevated mode risks. |
| Prompt Injection Detector | 50+ patterns: instruction overrides, role hijacking, data exfiltration, delimiter manipulation, jailbreak attempts. |
| Dependency Scanner | Known CVEs in your npm dependency tree. |
| MCP Server Auditor | Unverified MCP servers not in the community allowlist. |
For production deployments, add --infra to scan your server:
openclaw-guard audit --infra| Scanner | What it checks |
|---|---|
| Network Security | Firewall status (UFW/firewalld/macOS), public port exposure, gateway bound to 0.0.0.0 vs 127.0.0.1 |
| SSH Access Control | Password authentication, root login, fail2ban status, failed login attempts (24h) |
| System Hardening | Security updates available, config file permissions (600 vs 777), unattended upgrades |
| TLS / Certificates | Reverse proxy (Caddy/Nginx), Tailscale/WireGuard VPN status |
| Resource Security | Disk usage (DoS risk at >90%), memory usage monitoring |
The infra module catches what application scanning misses:
- App score says 85/100, but gateway is on
0.0.0.0with SSH password auth enabled = actually vulnerable - With
--infra, the combined score reflects the real picture
Three modes to fix issues your way:
openclaw-guard fix # Interactive: review each fix
openclaw-guard fix --auto # Automatic: fix everything, backup first
openclaw-guard fix --dry-run # Preview: see what would changeEvery fix creates a timestamped backup. Nothing is irreversible.
One number that tells you where you stand:
| Score | Meaning |
|---|---|
| 80-100 | You're in good shape. |
| 60-79 | Some issues to review. |
| Below 60 | Action required now. |
Deductions: critical finding = -10, high = -5, medium = -2. Sandbox off = -20. Open DM policy = -15.
openclaw-guard dashboardOpens a password-protected web dashboard at http://localhost:18790 with:
- Real-time security score that updates as threats are detected
- Request monitoring with requests-per-minute tracking
- Cost tracking for API usage (daily/monthly limits)
- Threat feed showing prompt injection attempts, blocked requests, rate limit hits
- Config overview at a glance
The dashboard runs on localhost only, uses PBKDF2 password hashing (100k iterations, SHA-512), and connects to your OpenClaw gateway via WebSocket.
| Command | Description |
|---|---|
openclaw-guard audit |
Full security audit |
openclaw-guard audit --deep |
Deep scan with entropy analysis |
openclaw-guard audit --quick |
Fast scan, skip advanced checks |
openclaw-guard audit --infra |
Include infrastructure scanning (network, SSH, system) |
openclaw-guard audit --ci |
CI mode (exit code 1 on critical issues) |
openclaw-guard fix |
Interactive fix mode |
openclaw-guard fix --auto |
Automatic fix with backup |
openclaw-guard fix --dry-run |
Preview fixes without applying |
openclaw-guard dashboard |
Start live dashboard |
openclaw-guard dashboard -p 3000 |
Custom port |
openclaw-guard scan secrets |
Scan for secrets only |
openclaw-guard scan config |
Audit config only |
openclaw-guard scan prompts |
Detect prompt injections only |
openclaw-guard report -f html |
Generate HTML report |
openclaw-guard report -f json |
Generate JSON report |
openclaw-guard hooks install |
Install pre-commit hook |
openclaw-guard hooks status |
Check hook status |
| Option | Description |
|---|---|
-c, --config <path> |
Custom config file path |
-l, --lang <lang> |
Language: en, fr, ar |
-v, --verbose |
Verbose output |
-q, --quiet |
No banner |
Create .openclaw-guard.json in your project root or home directory:
{
"scanners": {
"secrets": {
"enabled": true,
"exclude": ["*.test.js", "node_modules/**"]
},
"config": {
"enabled": true,
"strict": true
},
"prompts": {
"enabled": true,
"sensitivity": "high"
},
"mcpServers": {
"allowlist": [
"mcp-server-filesystem",
"mcp-server-fetch",
"mcp-server-memory",
"mcp-server-sqlite",
"mcp-server-git",
"mcp-server-github"
],
"blockUnknown": false
}
},
"monitors": {
"cost": {
"dailyLimit": 10,
"monthlyLimit": 100
}
},
"dashboard": {
"port": 18790
}
}Use Security Guard as a library in your own projects:
import { quickAudit, checkPromptInjection } from 'openclaw-security-guard';
// Full audit
const results = await quickAudit('~/.openclaw');
console.log(`Score: ${results.securityScore}/100`);
console.log(`Critical: ${results.summary.critical}`);
// Check a message for injection
const check = await checkPromptInjection('ignore all previous instructions');
console.log(check.safe); // false// Individual scanners
import { SecretsScanner, ConfigAuditor, McpServerAuditor } from 'openclaw-security-guard';
const scanner = new SecretsScanner({});
const result = await scanner.scan('/path/to/openclaw');This is a security tool. It should be secure itself. Here's the commitment:
| Telemetry | None. Zero. |
| Network requests | None (except local WebSocket to your gateway) |
| Data collection | None |
| Cloud dependency | None |
| Dashboard access | localhost only, password-protected |
| Password storage | PBKDF2, 100k iterations, SHA-512 |
| Input validation | Zod schemas everywhere |
| Report generation | XSS-safe, path-traversal-safe |
See SECURITY.md for the full security policy.
| Language | Link |
|---|---|
| English | docs/en/README.md |
| French | docs/fr/README.md |
| Arabic | docs/ar/README.md |
PRs welcome. See CONTRIBUTING.md.
git clone https://github.com/2pidata/openclaw-security-guard.git
cd openclaw-security-guard
npm install
npm test # 25 tests, 0 warnings
Created by Miloud Belarebia at 2PiData
Inspired by detect-secrets, trivy, and OWASP.
If this tool helps you, leave a star. It helps others find it too.
github.com/2pidata/openclaw-security-guard