openclaw-action

GitHub Action for automated security scanning of agent workspaces. Detects exposed secrets, prompt/shell injection, and data exfiltration patterns in PRs and commits.

Install via ClawdBot CLI:

```
clawdbot install AtlasPA/openclaw-action
```

GitHub Action that scans agent skills for security issues on every PR.
| Scanner | What It Catches |
|---------|-----------------|
| sentry | API keys, tokens, passwords, credentials in code |
| bastion | Prompt injection markers, shell injection patterns |
| egress | Suspicious network calls, data exfiltration patterns |
Add to `.github/workflows/security.yml`:

```yaml
name: Security Scan
on:
  pull_request:
    paths:
      - 'skills/**'
      - '.openclaw/**'
  push:
    branches: [main]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: AtlasPA/openclaw-action@v1
        with:
          workspace: '.'
          fail-on-findings: 'true'
```
| Input | Default | Description |
|-------|---------|-------------|
| workspace | . | Path to scan |
| fail-on-findings | true | Fail the check if issues found |
| scan-secrets | true | Enable secret scanning |
| scan-injection | true | Enable injection scanning |
| scan-egress | true | Enable egress scanning |
| Output | Description |
|--------|-------------|
| findings-count | Total number of issues found |
| has-critical | true if critical/high severity issues |
This action detects and alerts only. It will:
It will NOT:
For automated remediation, see OpenClaw Pro.
Generated Mar 1, 2026
Integrate OpenClaw Action into CI/CD pipelines for automated security scanning of agent skill repositories. It scans every pull request for exposed secrets and injection vulnerabilities, ensuring code merges meet security standards before deployment.
Use this action to perform regular security audits on AI agent workspaces, helping organizations comply with data protection regulations like GDPR or HIPAA by detecting potential data exfiltration patterns and unauthorized credential usage.
Maintain security in open-source AI agent projects by automatically scanning contributions for malicious code or accidental secret leaks, reducing manual review burden and enhancing community trust.
Deploy OpenClaw Action in large-scale enterprise environments to secure internal AI agent development, preventing security breaches from prompt injection or shell injection vulnerabilities in proprietary codebases.
Incorporate this tool into educational programs for AI and cybersecurity, allowing students to learn about secure coding practices by scanning their projects for real-world vulnerabilities in a controlled setting.
Offer a free version of OpenClaw Action for basic scanning on public repositories, with premium features like automated remediation and advanced reporting available through a subscription-based Pro tier. Revenue is generated from enterprise licenses and sponsorships.
Provide security consulting services centered around OpenClaw Action, including custom integration, training, and ongoing support for organizations implementing AI agent security. Revenue comes from service contracts and project-based fees.
Sell OpenClaw Action as a premium extension in AI agent marketplaces or developer platforms, with revenue from one-time purchases or usage-based pricing. This model targets developers seeking ready-to-use security tools.
💬 Integration Tip
Ensure Python 3.8+ is available in your CI environment and configure the action to scan relevant paths like 'skills/**' to maximize coverage without unnecessary overhead.