🛡️ OpenClaw Guardrail Linter
Scan your OpenClaw config for the settings that quietly hand your agent too much power: unrestricted exec, open inbound DMs, secrets committed in config, the deny-write bypass, sandbox turned off, dangerous Docker binds, and elevated tools. Read-only, plain-English findings, grounded in the OpenClaw docs.
- Identify hardcoded secrets in OpenClaw manifests
- Detect sandbox escape vulnerabilities in Docker configs
- Flag file-write permission bypasses in tool profiles
$12 · or 60 credits
Secure checkout via Stripe
Included in download
- Identify hardcoded secrets in OpenClaw manifests
- Detect sandbox escape vulnerabilities in Docker configs
- file_read automation included
- Ready for Cursor
- Instant install
See it in action
You say
Review my openclaw.json and .openclaw/ manifests for security issues.
Your agent does
Scan complete. Found 2 issues:
- OGL003 (High): Hardcoded API key found in openclaw.json at line 12. Use SecretRef.
- OGL009 (Medium): Workspace mounted as read-write. Recommend read-only for current agent scope.
Review findings before connecting to external channels.
About This Skill
The problem
Misconfigured OpenClaw agents risk remote code execution, secret leakage, and unrestricted tool access. Standard linters miss these platform-specific security flaws in openclaw.json and workspace manifests.
What it does
- Scans config files for OGL001-OGL011 security violations.
- Identifies hardcoded secrets and insecure environment variable mapping.
- Detects sandbox escapes and dangerous Docker bind mounts.
- Flags bypasses where write permissions are denied but edit tools remain active.
- Evaluates inbound DM permissions and broad skill gates.
Frameworks & tools
Compatible with OpenClaw configuration formats including .json and .json5. Analyzes SOUL.md, AGENTS.md, and USER.md files.
Why this beats prompting it yourself
Manual prompting often misses nuanced bypasses like OGL005 or specific Docker sandbox overrides. This skill uses a codified rule set that ensures consistent detection of 11 distinct vulnerability classes without hallucinatory false negatives.
Use cases
- Reviewing openclaw.json before deploying a new agent gateway.
- Auditing local workspace mounts for unnecessary read-write access.
- Checking AGENTS.md for hardcoded API keys or sensitive literal strings.
- Pre-production security checks for OpenClaw skill gates.
Known limitations
Uses heuristic analysis of static text files. It does not verify live gateway state or network-level firewall rules.
Use Cases
- Identify hardcoded secrets in OpenClaw manifests
- Detect sandbox escape vulnerabilities in Docker configs
- Flag file-write permission bypasses in tool profiles
- Audit inbound DM settings for unauthorized access
Known Limitations
Heuristic. It targets documented OpenClaw config keys as checked on 2026-07-01 and is only as current as the editable rules file. It reads config and text, so it does not run the agent or verify live gateway state. The elevated-tools and skill-gate checks are advisory.
How to install
Drop the file into your AI tool. Works with Claude, Cursor, ChatGPT, and 20+ more.
Security Scanned
Passed automated security review
Permissions
Allowed Hosts
File Scopes
Read Files only. It reads your OpenClaw config and workspace files as plain text to flag unsafe settings and committed secrets. It does not run OpenClaw, read your live environment, use secrets, or send anything anywhere. No write, shell, or network.
Runs anywhere a coding agent can execute a Python 3 script. Tested with Claude Code, Cursor, Codex CLI, Windsurf, and Cline. Python 3 standard library only: no third-party packages, no network calls, and it never runs your code. Scans openclaw.json and OpenClaw workspace files (SOUL.md, AGENTS.md, USER.md). Rules track documented OpenClaw config keys and live in an editable references/openclaw-rules.json you can tune.