🧪 Skills

Openclaw Action

GitHub Action for automated security scanning of agent workspaces. Detects exposed secrets, prompt/shell injection, and data exfiltration patterns in PRs and commits.

v1.0.0
❤️ 0
⬇️ 538
👁 1
Save📁 Collect
Share

Description

name: openclaw-action description: "GitHub Action for automated security scanning of agent workspaces. Detects exposed secrets, prompt/shell injection, and data exfiltration patterns in PRs and commits." user-invocable: false metadata: {"openclaw":{"emoji":"🛡️","requires":{"bins":["python3"]},"os":["darwin","linux","win32"]}}

OpenClaw Security Action

GitHub Action that scans agent skills for security issues on every PR.

What It Scans

Scanner What It Catches
sentry API keys, tokens, passwords, credentials in code
bastion Prompt injection markers, shell injection patterns
egress Suspicious network calls, data exfiltration patterns

Quick Start

Add to .github/workflows/security.yml:

name: Security Scan
on:
  pull_request:
    paths:
      - 'skills/**'
      - '.openclaw/**'
  push:
    branches: [main]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: AtlasPA/openclaw-action@v1
        with:
          workspace: '.'
          fail-on-findings: 'true'

Inputs

Input Default Description
workspace . Path to scan
fail-on-findings true Fail the check if issues found
scan-secrets true Enable secret scanning
scan-injection true Enable injection scanning
scan-egress true Enable egress scanning

Outputs

Output Description
findings-count Total number of issues found
has-critical true if critical/high severity issues

Philosophy

This action detects and alerts only. It will:

  • Flag security issues in PR checks
  • Annotate specific lines with findings
  • Generate a summary report

It will NOT:

  • Automatically modify your code
  • Quarantine or delete files
  • Make any changes to your repository

For automated remediation, see OpenClaw Pro.

Requirements

  • Python 3.8+ (auto-installed by action)
  • No external dependencies

Reviews (0)

Sign in to write a review.

No reviews yet. Be the first to review!

Comments (0)

Sign in to join the discussion.

No comments yet. Be the first to share your thoughts!

Compatible Platforms

Links

📂 Source Code

Pricing

Free

Related Configs

🧪 Skill

self-improving-agent

Free

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...

❤️ 2.0k ⬇️ 218k
🧪 Skill

Self Improving Agent

Free

Captures learnings, errors, and corrections to enable continuous improvement. And also 50+ models for image generation, video generation, text-to-speech, spe...

❤️ 2.0k ⬇️ 206k
🧪 Skill

Find Skills

Free

Search, discover, and install skills from the open agent skills ecosystem to extend agent capabilities for specific tasks or domains.

❤️ 814 ⬇️ 199k
🧪 Skill

Summarize

Free

--- name: summarize description: Summarize URLs or files with the summarize CLI (web, PDFs, images, audio, YouTube). homepage: https://summarize.sh metadata: {"clawdbot":{"emoji":"🧾","requires":{"b

❤️ 609 ⬇️ 160k