Setup & Installation

Install Openclaw Action using the ClawHub CLI or OpenClaw CLI:

clawhub install openclaw-action

If the CLI is not installed:

npx clawhub@latest install openclaw-action

Or install with OpenClaw CLI:

openclaw skills install openclaw-action


What This Skill Does

Openclaw Action is a Software Development skill for OpenClaw by atlaspa.

OpenClaw Security Action

GitHub Action that scans agent skills for security issues on every PR.

What It Scans

Scanner   What It Catches
sentry    API keys, tokens, passwords, credentials in code
bastion   Prompt injection markers, shell injection patterns
egress    Suspicious network calls, data exfiltration patterns

Quick Start

Add to .github/workflows/security.yml:

name: Security Scan
on:
  pull_request:
    paths:
      - 'skills/**'
      - '.openclaw/**'
  push:
    branches: [main]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: AtlasPA/openclaw-action@v1
        with:
          workspace: '.'
          fail-on-findings: 'true'

Inputs

Input             Default  Description
workspace         .        Path to scan
fail-on-findings  true     Fail the check if issues found
scan-secrets      true     Enable secret scanning
scan-injection    true     Enable injection scanning
scan-egress       true     Enable egress scanning

Outputs

Output          Description
findings-count  Total number of issues found
has-critical    true if critical/high severity issues
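
An added example, not taken from the project's own documentation: a variant of the Quick Start workflow that sets fail-on-findings to 'false', reads the two outputs, and blocks the PR only when critical/high findings are reported. The step id scan, the contents: read permission, and has-critical being the literal string false when nothing critical is found are assumptions.

```yaml
name: Security Scan (gate on critical only)
on:
  pull_request:
    paths:
      - 'skills/**'
      - '.openclaw/**'

# Assumption: read-only access is enough for the scan; widen only if the action needs more.
permissions:
  contents: read

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Consider pinning to a full commit SHA instead of the movable v1 tag.
      - uses: AtlasPA/openclaw-action@v1
        id: scan   # hypothetical step id, used to read the outputs below
        with:
          workspace: '.'
          fail-on-findings: 'false'   # report everything, decide pass/fail in the next step
      - name: Gate on critical/high findings
        if: always()   # run even if the scan step errored, so the gate can fail closed
        env:
          # Pass outputs through env rather than interpolating them into the script.
          FINDINGS: ${{ steps.scan.outputs.findings-count }}
          CRITICAL: ${{ steps.scan.outputs.has-critical }}
        run: |
          echo "Findings: ${FINDINGS:-unknown}" >> "$GITHUB_STEP_SUMMARY"
          echo "Critical/high present: ${CRITICAL:-unknown}" >> "$GITHUB_STEP_SUMMARY"
          # Fail closed: anything other than an explicit 'false' blocks the PR.
          if [ "$CRITICAL" != "false" ]; then
            echo "::error::Critical/high findings reported, or the scan produced no result"
            exit 1
          fi
```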

Philosophy

This action detects and alerts only. It will:

  • Flag security issues in PR checks
  • Annotate specific lines with findings
  • Generate a summary report

It will NOT:

  • Automatically modify your code
  • Quarantine or delete files
  • Make any changes to your repository

For automated remediation, see OpenClaw Pro.

Requirements

  • Python 3.8+ (auto-installed by action)
  • No external dependencies

Version History

Latest version: 1.0.0

First published: Feb 12, 2026. Last updated: Feb 12, 2026.

1 version released.

Frequently Asked Questions

Is Openclaw Action free to use?
Yes. Openclaw Action is a free, open-source skill available on the OpenClaw Skills Registry. You can install and use it at no cost, and the source code is publicly available for review and contribution.

What languages/platforms does Openclaw Action support?
It runs on any platform that supports OpenClaw, including macOS, Linux, and Windows. As long as you have the OpenClaw runtime installed, Openclaw Action will work seamlessly across operating systems.

How do I update Openclaw Action?
Run openclaw skills update openclaw-action to get the latest version. OpenClaw will download and apply the update automatically, preserving your existing configuration.

Can I use Openclaw Action with other skills?
Yes. OpenClaw skills are composable — you can combine Openclaw Action with any other installed skill in your workflows. This allows you to build powerful multi-step automations by chaining skills together.