trent-openclaw-security

Assess your Agent deployment against security risks using Trent.

install
source · Clone the upstream repo
git clone https://github.com/trnt-ai/trent-openclaw-security-assessment
Claude Code · Install into ~/.claude/skills/
git clone --depth=1 https://github.com/trnt-ai/trent-openclaw-security-assessment ~/.claude/skills/trnt-ai-trent-openclaw-security-assessment-trent-openclaw-security
OpenClaw · Install into ~/.openclaw/skills/
git clone --depth=1 https://github.com/trnt-ai/trent-openclaw-security-assessment ~/.openclaw/skills/trnt-ai-trent-openclaw-security-assessment-trent-openclaw-security
manifest: SKILL.md
source content

Trent OpenClaw Security Assessment

Audit your OpenClaw deployment for security risks. Identifies misconfigurations, chained attack paths, and provides severity-rated findings with fixes.

Setup

All tools are bundled — no external installer needed.

Set the TRENT_API_KEY environment variable. Get a key at https://trent.ai/openclaw/

Instructions

This audit runs in three phases. Run them in order.

Phase 1 — Configuration Audit

Collect metadata and send to Trent for analysis:

from openclaw_trent.openclaw_config.collector import collect_openclaw_metadata
from openclaw_trent.lib.audit_prompt import build_audit_prompt
from openclaw_trent.lib import trent_client

metadata = collect_openclaw_metadata()
message = build_audit_prompt(metadata)
response = trent_client.chat(message=message)

Save response["thread_id"] for Phase 3.

Present findings grouped by severity (see "Present results" below).

Summarize: "Phase 1 complete. N findings from configuration analysis. Phase 2 will scan your skills for deeper analysis — I'll show you exactly what would be uploaded before anything is sent. Ready to continue?"

Optional: specify a custom config path:

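from pathlib import Path
from openclaw_trent.openclaw_config.collector import collect_openclaw_metadata

# Point the collector at a non-default OpenClaw config location
metadata = collect_openclaw_metadata(openclaw_path=Path("/path/to/openclaw/config"))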

Phase 2 — Skill Upload

Scan the workspace first (nothing is uploaded yet):

from openclaw_trent.lib.package_skills import scan_workspace

skills = scan_workspace()

Present what was found and how it will be protected. Example:

I found N skills in your workspace:

Skill | Type | Size
skill-name | installed-skill | 12KB

Before upload, each skill is packaged with its source code and metadata (name, version, dependencies). Files like .env, .pem, .key, and .db are excluded, and secrets in standard formats (API keys, tokens, AWS credentials, connection strings) are automatically redacted locally. If you use custom secret formats, keep them in environment variables rather than hard-coded in skill files.

Ready to upload?

Use the secrets_redacted field — if any skills had secrets redacted, mention which ones in the table or below it.

Wait for the user to confirm before uploading.

After user confirms, upload:

from openclaw_trent.lib.upload_skills import upload_packaged_skills

upload_summary = upload_packaged_skills(skills)

Present the upload summary:

  • How many skills were uploaded, skipped (unchanged), failed, or too large
  • List each skill by name and status

If all uploads failed, report the errors and stop. Otherwise proceed.

Summarize: "Phase 2 complete. N skills uploaded. Proceeding to deep skill analysis..."
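The file exclusions and local redaction described in Phase 2 can be checked by hand before confirming an upload. The following is an added example, not code from the skill or from Trent: it reports which files in a skill directory would be left out and which contain secrets in the formats the page names. The regexes, the function names `redact`, `preview_skill` and `demo`, and the sample files are assumptions for illustration; the bundled packager's own patterns may differ.

```python
import re
import tempfile
from pathlib import Path

# Excluded file types are from the page; the regexes are assumed, not Trent's rules.
EXCLUDED = {".env", ".pem", ".key", ".db"}
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "assigned_secret": re.compile(
        r"\b(?:api[_-]?key|token|secret|password)\b\s*[:=]\s*[\"']?([^\s\"']{8,})", re.I),
    "connection_string": re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s:/@]+:([^\s@/]+)@"),
}
# Constructed sample file; every credential in it is fake.
SAMPLE = ('API_KEY = "sk_test_constructed_0001"\n'
          'DB = "postgres://app:s3cretpw@db.internal:5432/app"\n'
          'AWS_ID = "AKIAABCDEFGHIJKLMNOP"\n')

def redact(text: str):
    """Mask secret values (the capture group when a pattern has one, else the
    whole match); return (masked text, sorted names of patterns that matched)."""
    hits = set()
    for name, pattern in PATTERNS.items():
        def mask(m, name=name):
            hits.add(name)
            a, b = (p - m.start() for p in m.span(m.lastindex or 0))
            return m.group()[:a] + "[REDACTED]" + m.group()[b:]
        text = pattern.sub(mask, text)
    return text, sorted(hits)

def preview_skill(skill_dir: Path) -> dict:
    """List files that would be left out and files holding redactable secrets."""
    report = {"excluded": [], "secrets_redacted": {}}
    for path in sorted(p for p in skill_dir.rglob("*") if p.is_file()):
        rel = path.relative_to(skill_dir).as_posix()
        if {path.suffix.lower(), path.name.lower()} & EXCLUDED:  # ".env" has no suffix
            report["excluded"].append(rel)
        elif hits := redact(path.read_text(errors="replace"))[1]:
            report["secrets_redacted"][rel] = hits
    return report

def demo() -> dict:
    """Build a constructed skill directory in a temp dir and preview it."""
    files = {".env": "TOKEN=not-a-real-token\n", "cache.db": "x", "tool.py": SAMPLE}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in files.items():
            (Path(tmp) / name).write_text(body)
        return preview_skill(Path(tmp))

if __name__ == "__main__":
    print(redact(SAMPLE)[0], demo(), sep="\n")
```

A secret in a format none of these patterns covers passes through unmasked, which is why the page advises keeping custom secret formats in environment variables.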

Phase 3 — Deep Skill Analysis

Analyse each uploaded skill using the thread ID from Phase 1:

from openclaw_trent.lib.prompts import build_per_skill_analysis_prompt
from openclaw_trent.lib import trent_client

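thread_id = "<THREAD_ID from Phase 1>"  # response["thread_id"] saved in Phase 1
results = []  # keep every per-skill result so it can be presented afterwards
for skill in upload_summary["skills"]:
    # Analyse newly uploaded skills and those skipped as unchanged
    if skill["status"] in ("uploaded", "skipped"):
        prompt = build_per_skill_analysis_prompt(skill)
        results.append(trent_client.chat(message=prompt, thread_id=thread_id))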

Each request uses the Phase 1 thread ID so the advisor has full context from the configuration audit.

Present the deep analysis results alongside the Phase 1 findings.

Inspect system context separately

To view the system analysis data without running a full audit:

from openclaw_trent.lib.system_analyzer import collect_system_analysis
import json
result = collect_system_analysis()
print(json.dumps(result, indent=2))

This returns channel configuration and installed skill names. Useful for debugging or verifying what data is sent.

Present results

Format findings grouped by severity:

  • CRITICAL: Immediate action required
  • HIGH: Fix soon
  • MEDIUM: Recommended improvement
  • LOW: Minor hardening

For each finding show: the risk, where it was found, and the exact fix.

Highlight chained attack paths — where multiple settings combine to create worse outcomes.

Present recommended config changes as a diff snippet for the user to review and apply manually. Do not modify any system files directly.

When to use

  • User asks "Is my setup secure?" or "audit my config"
  • After changes to OpenClaw configuration, new plugins, or new MCP servers