TopRank Skills


trent-openclaw-security

Audit your OpenClaw deployment for security risks using Trent AppSec Advisor

Stars: 0
Installs: 0
Status: ACTIVE
Visibility: PUBLIC

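Installation

Copy the prompt below and send it to your AI assistant to complete the installation.

First check whether the SkillHub store is installed. If it is not, install the SkillHub store by following https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/install/skillhub.md, then install the trent-openclaw-security skill. If it is already installed, install the trent-openclaw-security skill directly.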

Overview

Skill Key: bristy/trent-openclaw-security
Author: bristy
Source Repo: openclaw/skills
Version: 2.1.0
Source Path: skills/bristy/trent-openclaw-security
Latest Commit SHA: 06162c5f09dee6f0309073bf5d26e9fc1a393494

Extracted Content

SKILL.md excerpt

# Trent OpenClaw Security Audit

Security audit for your OpenClaw deployment powered by Trent AppSec Advisor.

Analyzes your configuration for security risks and identifies chained attack
paths where multiple misconfigurations combine to create worse outcomes.

## How It Works

This skill uses the `trent-openclaw-audit` CLI command provided by the
`trentai-mcp` Python package. The command:

1. Reads `~/.openclaw/` config files (METADATA ONLY — no secrets leave the machine)
2. Redacts detected credentials locally using pattern-based secret detection
3. Sends the sanitized metadata to Trent AppSec Advisor for AI-powered analysis
4. Prints security findings with severity ratings and chained attack path analysis

Authentication requires a Trent API key (`TRENT_API_KEY` env var). Keys are
generated via `trent-api-key create` (requires one-time browser login).
OpenClaw prompts for the key during skill installation.
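
Step 2 of the list above describes local, pattern-based redaction before anything is sent. The Python below is an added example, not the `trentai-mcp` implementation: the rule set, the `redact` and `residual_leaks` names and the sample config layout are assumptions. It shows how to mask a parsed config and then confirm that no known secret remains in the outgoing payload.

```python
import json
import re

# Illustrative rules (assumptions); the tool's real rule set is not on the page.
SENSITIVE_KEY = re.compile(r"(?i)(api[_-]?key|token|secret|passw(or)?d|credential)")
SECRET_VALUE = [
    re.compile(r"AKIA[0-9A-Z]{16}"),                    # AWS access key ID
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),  # PEM private key
    re.compile(r"://[^/\s:@]+:[^/\s@]+@"),              # user:password@ in a URL
]
MASK = "[REDACTED]"

# Constructed sample; the layout is hypothetical, not the real OpenClaw schema.
SAMPLE = {
    "gateway": {"bind": "0.0.0.0", "auth": {"require_token": True, "token": "constructed-token-123"}},
    "mcpServers": [
        {"name": "db", "url": "postgres://app:hunter2pw@db.internal/claw"},
        {"name": "s3", "env": {"AWS_ID": "AKIAIOSFODNN7EXAMPLE", "REGION": "us-east-1"}},
    ],
}


def redact(node, path="$", hits=None):
    """Return (sanitized copy, JSON paths that were masked); input is not mutated."""
    hits = [] if hits is None else hits
    if isinstance(node, dict):
        out = {}
        for key, value in node.items():
            child = f"{path}.{key}"
            # Keep booleans/numbers under sensitive names: they are posture metadata.
            keep = isinstance(value, (bool, int, float, type(None)))
            if SENSITIVE_KEY.search(key) and not keep:
                hits.append(child)
                out[key] = MASK
            else:
                out[key], _ = redact(value, child, hits)
        return out, hits
    if isinstance(node, list):
        return [redact(v, f"{path}[{i}]", hits)[0] for i, v in enumerate(node)], hits
    if isinstance(node, str) and any(p.search(node) for p in SECRET_VALUE):
        hits.append(path)
        return MASK, hits
    return node, hits


def residual_leaks(sanitized, known_secrets):
    """Pre-send check: known secret strings still present in the outgoing payload."""
    blob = json.dumps(sanitized, ensure_ascii=False)
    return [s for s in known_secrets if s in blob]
```

Running `residual_leaks` against the real payload with secrets you already know are in your config is a quick way to test any redactor's claim before trusting it with a network call.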

## Setup

1. Install the skill via ClawHub (this also installs `trent-api-key` and
   `trent-openclaw-audit` CLIs automatically):

```
clawhub install bristy/trent-openclaw-security
```

2. OpenClaw will prompt for `TRENT_API_KEY`. If you don't have one yet,
   generate it on any machine with a browser:

```
trent-api-key create
```

3. Paste the key when prompted. OpenClaw stores it in the skill config.

## When to Use

**Reactive (user asks):**
- User asks "Is my setup secure?" or "audit my config"
- User asks about specific OpenClaw security concerns
- User mentions security hardening or vulnerability scanning

**Proactive (offer automatically):**
- At the START of a new conversation, if no audit has been run recently,
  proactively say: "I can check your OpenClaw configuration for security
  risks. Would you like me to run a quick audit?"
- After any change to ~/.openclaw/openclaw.json (config edits, new plugins,
  new MCP servers), offer: "Your configuration changed. Want me to run a
  quick security check?"
- When the user installs a new plugin or skill,...
