Skills openclaw-action
GitHub Action for automated security scanning of agent workspaces. Detects exposed secrets, prompt/shell injection, and data exfiltration patterns in PRs and commits.
install
source · Clone the upstream repo
git clone https://github.com/openclaw/skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/atlaspa/openclaw-action" ~/.claude/skills/openclaw-skills-openclaw-action && rm -rf "$T"
OpenClaw · Install into ~/.openclaw/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.openclaw/skills && cp -r "$T/skills/atlaspa/openclaw-action" ~/.openclaw/skills/openclaw-skills-openclaw-action && rm -rf "$T"
manifest:
skills/atlaspa/openclaw-action/SKILL.mdsource content
OpenClaw Security Action
GitHub Action that scans agent skills for security issues on every PR.
What It Scans
| Scanner | What It Catches |
|---|---|
| sentry | API keys, tokens, passwords, credentials in code |
| bastion | Prompt injection markers, shell injection patterns |
| egress | Suspicious network calls, data exfiltration patterns |
Quick Start
Add to
.github/workflows/security.ymlname: Security Scan on: pull_request: paths: - 'skills/**' - '.openclaw/**' push: branches: [main] jobs: scan: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: AtlasPA/openclaw-action@v1 with: workspace: '.' fail-on-findings: 'true'
Inputs
| Input | Default | Description |
|---|---|---|
| | Path to scan |
| | Fail the check if issues found |
| | Enable secret scanning |
| | Enable injection scanning |
| | Enable egress scanning |
Outputs
| Output | Description |
|---|---|
| Total number of issues found |
| |
Philosophy
This action detects and alerts only. It will:
- Flag security issues in PR checks
- Annotate specific lines with findings
- Generate a summary report
It will NOT:
- Automatically modify your code
- Quarantine or delete files
- Make any changes to your repository
For automated remediation, see OpenClaw Pro.
Requirements
- Python 3.8+ (auto-installed by action)
- No external dependencies