🔴 Your AI agent has shell access, file control, and browser automation.
Is anyone checking its security?
Clawhatch runs 100 automated security checks on your OpenClaw AI agent config.
Scores 0–100 · Auto-fixes safe issues · Runs in under a second · 100% offline
npx clawhatch scan
No install. No account. No data leaves your machine. One command.
You don't know what you don't know. |
93 points in 3 seconds. |
# One command. That's it.
npx clawhatch scan# Want the full picture? Scan workspace files too.
npx clawhatch scan --workspace .# Auto-fix everything it can (backs up config first)
npx clawhatch scan --fix|
🔐 15 checks DM policies, allowlists, pairing, access groups, OAuth |
🌐 10 checks Gateway binding, auth mode, TLS, CORS, port exposure |
📦 8 checks Exec policies, workspace access, Docker isolation |
🔑 30 checks API keys in config/logs, .env perms, key rotation |
🛠️ 20 checks Shell access, Docker socket, dangerous combos, timeouts |
|
🧩 12 checks Untrusted sources, eval(), native modules, sandboxing |
🤖 7 checks Legacy models, injection risk, SOUL.md exposure |
☁️ 1 check iCloud, OneDrive, Dropbox, Google Drive detection |
💾 10 checks PII in logs, retention, encryption at rest, backups |
⚙️ 7 checks Logging, monitoring, health checks, git secrets |
Clawhatch Security Scanner v0.1.0
══════════════════════════════════════════════════
██ Security Score: 40/100 (D — Poor) ██
══════════════════════════════════════════════════
Platform: win32
Checks: 100 run, 89 passed, 11 findings
Duration: 276ms · Scanned: 27 files
──────────────────────────────────────────────────
🔴 CRITICAL (1)
!! API key(s) found in openclaw.json
2 hardcoded API key(s) — move all to .env
Risk: Keys exposed if config is shared or committed
Fix: Move to .env, use ${VAR_NAME} substitution
🟡 HIGH (2)
! OAuth token in session log
Bearer token values detected in session logs
Fix: Enable session log scrubbing
! Session log may contain PII
Patterns resembling personal data (email, phone)
Fix: Enable PII scrubbing or reduce log verbosity
🔵 MEDIUM (4)
~ Credentials in error messages
~ No tool allowlist configured
~ Shell commands may contain secrets
~ No data retention policy
⚪ LOW (4)
- Large session log (15.0MB) — sampled
- Reasoning enabled in group contexts
- Verbose mode enabled in group contexts
- No log rotation configured
──────────────────────────────────────────────────
⚡ 3 issue(s) can be auto-fixed → run with --fix
| 90–100 Excellent |
80–89 Good |
70–79 Acceptable |
50–69 Needs Work |
30–49 Poor |
0–29 Critical |
| Severity | Penalty |
|---|---|
| 🔴 Critical | −15 points (hard-caps score at 40) |
| 🟡 High | −8 points |
| 🔵 Medium | −3 points |
| ⚪ Low | −1 point |
⚠️ Critical cap: Any critical finding locks your score at 40 max. Fix critical issues first.
npx clawhatch scan --fix| Fix Type | Action | Example |
|---|---|---|
| ✅ Safe (automatic) | Applied instantly | Move API keys to .env, add .gitignore entries, generate strong tokens |
| Asks before changing | Change DM policy to allowlist, enable sandbox, rebind gateway |
Every fix creates a timestamped backup (.bak.<timestamp>) before touching your config. Zero risk.
Track your security posture over time with continuous monitoring:
# Manual scan with comparison to last scan
npx clawhatch monitor
# View scan history and monitoring status
npx clawhatch monitor --status
# Generate trend report (score trends, new/resolved issues)
npx clawhatch monitor --report # Paid tier
# Start scheduled monitoring (daily scans)
npx clawhatch monitor --start # Paid tier
# Stop scheduled monitoring
npx clawhatch monitor --stop- Scan history — All scans saved to
~/.clawhatch/history/as timestamped JSON - Change detection — Compares current scan to previous to highlight new/resolved issues
- Score trends — Track security score over time with min/max/average
- Trend reports — Shows improving/declining/stable trends with issue deltas
| Feature | Free Tier | Paid Tier |
|---|---|---|
| Manual scans | ✅ | ✅ |
| Scan history | ✅ | ✅ |
| Change detection | ✅ | ✅ |
| Scheduled monitoring | ❌ | ✅ |
| Trend reports | ❌ | ✅ |
| Score alerts | ❌ | ✅ |
License key: Place your license in ~/.clawhatch/license.key to unlock paid features.
clawhatch scan # Basic scan
clawhatch scan --workspace . # Include workspace files (SOUL.md, skills)
clawhatch scan --deep # Full session log analysis
clawhatch scan --fix # Auto-fix safe issues
clawhatch scan --json # JSON output for CI/CD
clawhatch scan --format html # HTML report
clawhatch scan --path /custom/path # Custom OpenClaw path
clawhatch scan --share # Share anonymized results with community
clawhatch init # Generate hardened baseline config
clawhatch threats # View community threat feed
clawhatch subscribe --webhook URL # Alert on new threats
clawhatch monitor # Manual scan + comparison to last scan
clawhatch monitor --status # View monitoring status and scan history
clawhatch monitor --report # Generate trend report (paid tier)
clawhatch monitor --start # Start scheduled monitoring (paid tier)
clawhatch monitor --stop # Stop scheduled monitoringname: Security Audit
on: [push, pull_request]
jobs:
clawhatch:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '18'
- name: Run Clawhatch scan
run: npx clawhatch scan --workspace . --json > clawhatch-report.json
- name: Check score
run: |
score=$(jq '.score' clawhatch-report.json)
echo "Security score: $score"
[ "$score" -ge 50 ] || exit 1
- uses: actions/upload-artifact@v4
if: always()
with:
name: clawhatch-report
path: clawhatch-report.jsonShare anonymized results. Get collective immunity.
clawhatch scan --share # Upload anonymized findings
clawhatch threats # View trending threats
clawhatch subscribe --webhook https://discord.com/api/webhooks/...What gets shared: Check IDs + severity only. What never leaves your machine: File paths, secrets, descriptions, config values.
If 45% of users suddenly have NETWORK-001, that's flagged as trending. Subscribers with that vulnerability get an instant webhook alert.
clawhatch scan --json > report.json{
"score": 82,
"summary": {
"grade": "A",
"critical": 0,
"high": 1,
"medium": 2,
"low": 0,
"autoFixable": 1
},
"findings": [ ... ],
"checksRun": 100,
"duration": 276,
"platform": "win32"
}| Exit Code | Meaning |
|---|---|
0 |
Scan passed (no critical findings) |
1 |
Critical findings detected |
| Platform | Status |
|---|---|
| Windows | ✅ Full support |
| Linux | ✅ Core checks (platform-specific expanding) |
| macOS | ✅ Core checks (platform-specific expanding) |
| Color | Hex | |
|---|---|---|
| 🔴 | Clawhatch Red | #C41E3A |
| ⬛ | Deep Navy | #1A1A2E |
| 🟥 | Alert Red | #FF4D4D |
| 🩷 | Scan Pink | #FF8080 |
Logo and banner: assets/
- Fork the repo
- Create a feature branch (
git checkout -b feat/my-check) - Add checks following the pattern in
src/checks/ - Run tests:
npm test(301 passing) - Submit a PR
MIT © Clawhatch
Built by a solo developer in Cardiff 🏴 who found 3 API keys in his own config.
If it happened to me, it's happening to you.
npx clawhatch scan