openclaw-action

# OpenClaw Security Action

GitHub Action that scans agent skills for security issues on every PR.

## What It Scans

| Scanner | What It Catches |
|---------|-----------------|
| **sentry** | API keys, tokens, passwords, credentials in code |
| **bastion** | Prompt injection markers, shell injection patterns |
| **egress** | Suspicious network calls, data exfiltration patterns |

## Quick Start

Add to `.github/workflows/security.yml`:

```yaml
name: Security Scan
on:
  pull_request:
    paths:
      - 'skills/**'
      - '.openclaw/**'
  push:
    branches: [main]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: AtlasPA/openclaw-action@v1
        with:
          workspace: '.'
          fail-on-findings: 'true'
```

## Inputs

| Input | Default | Description |
|-------|---------|-------------|
| `workspace` | `.` | Path to scan |
| `fail-on-findings` | `true` | Fail the check if issues found |
| `scan-secrets` | `true` | Enable secret scanning |
| `scan-injection` | `true` | Enable injection scanning |
| `scan-egress` | `true` | Enable egress scanning |

## Outputs

| Output | Description |
|--------|-------------|
| `findings-count` | Total number of issues found |
| `has-critical` | `true` if critical/high severity issues |

## Philosophy

This action **detects and alerts only**. It will:
- Flag security issues in PR checks
- Annotate specific lines with findings
- Generate a summary report

It will NOT:
- Automatically modify your code
- Quarantine or delete files
- Make any changes to your repository

For automated remediation, see [OpenClaw Pro](https://github.com/sponsors/AtlasPA).

## Requirements

- Python 3.8+ (auto-installed by action)
- No external dependencies

# OpenClaw Security Action

GitHub Action for automated security scanning of agent workspaces. Catches secrets, injection attacks, and exfiltration patterns before they land in your repo.

## Why This Exists

Agent skill marketplaces have a supply chain security problem. Since January 2026, 341+ malicious skills have been identified on ClawHub and similar registries — trojanized utilities with reverse shells, credential stealers, and silent data exfiltration.

This action brings the [OpenClaw Security Suite](https://github.com/AtlasPA/openclaw-security) into your CI pipeline, scanning skills before they can cause damage.

## Quick Start

```yaml
# .github/workflows/security.yml
name: Security Scan
on:
  pull_request:
    paths:
      - 'skills/**'
      - '.openclaw/**'
  push:
    branches: [main]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: AtlasPA/openclaw-action@v1
```

That's it. PRs touching your skills directory will now be scanned.

## What It Catches

### Secret Exposure (sentry)
- API keys (AWS, GCP, GitHub, Stripe, OpenAI, etc.)
- Hardcoded passwords and tokens
- Private keys and certificates
- High-entropy strings that look like credentials

### Injection Attacks (bastion)
- Prompt injection markers (`[SYSTEM]`, `<|im_start|>`)
- Shell injection patterns (`eval()`, `exec()`, `subprocess` with `shell=True`)
- Unicode homoglyphs and directional overrides
- Hidden instructions in HTML comments

### Data Exfiltration (egress)
- Suspicious `requests.post()` and `urllib` calls
- Hardcoded IP addresses and short-lived domains
- Credential-to-network data flows
- DNS exfiltration patterns

## Configuration

### Inputs

| Input | Default | Description |
|-------|---------|-------------|
| `workspace` | `.` | Path to scan (repository root by default) |
| `fail-on-findings` | `true` | Fail the check if any security issues are found |
| `scan-secrets` | `true` | Run secret/credential scanning |
| `scan-injectio...