Skills security-guardian

Automated security auditing for OpenClaw projects. Scans for hardcoded secrets (API keys, tokens) and container vulnerabilities (CVEs) using Trivy. Provides structured reports to help maintain a clean and secure codebase.

install
source · Clone the upstream repo
git clone https://github.com/openclaw/skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/1999azzar/security-guardian" ~/.claude/skills/openclaw-skills-security-guardian && rm -rf "$T"
OpenClaw · Install into ~/.openclaw/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.openclaw/skills && cp -r "$T/skills/1999azzar/security-guardian" ~/.openclaw/skills/openclaw-skills-security-guardian && rm -rf "$T"
manifest: skills/1999azzar/security-guardian/SKILL.md
source content

Security Guardian

System for automated security auditing and credential protection.

Core Workflows

1. Secret Scanning

Scan specific project directories for hardcoded credentials.

  • Tool: scripts/scan_secrets.py
  • Usage: python3 $WORKSPACE/skills/security-guardian/scripts/scan_secrets.py <path_to_project>
  • Workflow:
    1. Execute the scan on a specific project or directory.
    2. If findings are reported (exit code 1):
      • Review the file and line number.
      • Transition: Move the secret to a secure vault (e.g., using the mema-vault skill).
      • Redact: Replace the plaintext secret in the source code with an environment variable or a vault lookup call.
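The page does not show scripts/scan_secrets.py itself, so the following is an added stand-in (not the skill's own script) that follows the documented contract: take a project path, report each finding as file and line number, and exit with status 1 when anything is found. The detection rules, the skipped directories and the sample input are assumptions constructed for this example.

```python
"""Illustrative secret scanner following the scan_secrets.py contract.
Assumption: the real script is not on the page; rules below are examples."""
import os
import re
import sys

# Constructed detection rules (name -> pattern). They mirror common credential
# shapes; they are assumptions, not the skill's own rule set.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "generic_assignment": re.compile(
        r"(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"][^'\"]{8,}['\"]"
    ),
}
# Assumed scope limitation: never descend into VCS or dependency folders.
SKIP_DIRS = {".git", "node_modules", "__pycache__", ".venv"}


def scan_text(text, filename="<memory>"):
    """Return [(filename, line_no, rule_name)] for every line that matches a rule."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append((filename, line_no, rule))
    return findings


def scan_path(root):
    """Walk a project directory and scan every readable file."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    findings.extend(scan_text(fh.read(), path))
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
    return findings


if __name__ == "__main__":
    results = scan_path(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, line_no, rule in results:
        print(f"{path}:{line_no}: {rule}")  # file and line number, as the workflow expects
    sys.exit(1 if results else 0)  # exit code 1 signals findings to the caller
```

A line such as `token = os.environ["API_TOKEN"]` produces no finding, which is the shape the Redact step moves the code toward.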

2. Container Vulnerability Scan

Analyze Docker images for vulnerabilities prior to deployment.

  • Tool: scripts/scan_container.sh
  • Usage: bash $WORKSPACE/skills/security-guardian/scripts/scan_container.sh <image_name>
  • Logic: Identify HIGH and CRITICAL severities. Recommend base image updates or security patches.

Security Guardrails

  • Scope Limitation: Avoid scanning system-level directories. Focus only on relevant project workspaces.
  • Credential Isolation: Hardcoded secrets are considered a high-severity finding.
  • Dependencies: Container scanning requires trivy to be installed on the host system.

Integration

  • Vaulting: This skill identifies leaks. Remediation should be performed using a dedicated credential manager like mema-vault.