OpenClaw Security Skill & Plugin · Free · Open Source

Check your OpenClaw security vitals.

OpenClaw is your personal AI agent.

ClawVitals checks your installation for real misconfigurations, scores your setup, and shows you exactly what to fix.

First scan in seconds.

$ npx clawhub install clawvitals

Built for 🦞 OpenClaw 2026.3.13+

ClawVitals — why it matters

OpenClaw is an autonomous AI agent with real access to your files, messages, tools, and services. That's exactly what makes it so useful, and exactly what makes it worth protecting. Misconfigured permissions, outdated components, or a quietly tampered config file can silently expose you without any warning.

ClawVitals gives you a fast health check you can run periodically: a clear score, a plain-English list of what's wrong, and exactly how to fix it. No technical expertise needed.


What's included

🔍 Core Security Controls

Checks auth config, group permissions, channel health, reverse proxy trust, and version currency. All scored controls contribute to your final result.

🔧 Exact Remediation

Every failing control shows the exact command or config change to fix it.

🔒 Fully Local

Runs entirely within your OpenClaw installation. No data leaves your machine. The skill is stateless with nothing stored between sessions; the plugin keeps history locally.

🔬 Experimental Controls (Plugin Only)

Additional checks beyond the scored core controls. Results are informational and not included in your final score.

🛡️ Enhanced Monitoring (Plugin Only)

Config tamper detection, drift alerts, and regression notifications. Get alerted on your next scheduled scan when something has changed or regressed.

📈 Security History Dashboard (Plugin Only)

Full posture timeline showing when things changed and why. Recurring scans run automatically so your history builds itself over time.

Track your posture over time

The skill gives you a score in seconds. The plugin remembers it and does much more: config tamper detection, recurring scans, drift detection, regression alerts, and your full security history on the dashboard.


Frequently asked questions

What does ClawVitals check?

ClawVitals checks your OpenClaw installation for common security misconfigurations: authentication settings, group and user permissions, messaging channel isolation, reverse proxy trust configuration, and whether you are running a current, patched version. The plugin adds system-level checks covering exposed services, open ports, secrets on disk, and Docker configuration, as well as config tamper detection.

Is ClawVitals free?

Yes. Both the ClawVitals skill and the ClawVitals plugin are free and open source, released under the MIT License.

What is config tamper detection?

Config tamper detection is a ClawVitals plugin feature that takes SHA256 hashes of your core OpenClaw agent config files, then alerts you if those files change unexpectedly or contain prompt injection patterns such as hidden instruction overrides or zero-width characters.
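The approach described above can be sketched as follows. This is an added example, not ClawVitals' own code: the file name `agent.md`, the override phrase pattern, and the set of invisible code points are assumptions chosen for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Zero-width and bidi-control code points that can hide text from a human reviewer.
INVISIBLE = re.compile("[\u200b\u200c\u200d\u2060\ufeff\u202a-\u202e\u2066-\u2069]")
# Constructed phrase heuristic for instruction overrides (assumption, not ClawVitals' rule set).
OVERRIDE = re.compile(r"ignore\s+(all\s+)?(previous|prior)\s+instructions", re.I)


def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def snapshot(paths):
    """Record a baseline mapping each config file to its SHA256 hex digest."""
    return {Path(p): sha256_file(Path(p)) for p in paths}


def audit(baseline):
    """Compare files against the baseline and scan current content for hidden text."""
    findings = []
    for path, expected in sorted(baseline.items()):
        if not path.exists():
            findings.append((str(path), "missing"))
            continue
        if sha256_file(path) != expected:
            findings.append((str(path), "hash-changed"))
        text = path.read_text(encoding="utf-8", errors="replace")
        if INVISIBLE.search(text):
            findings.append((str(path), "invisible-characters"))
        # Strip invisible characters first so they cannot split a phrase to evade the match.
        if OVERRIDE.search(INVISIBLE.sub("", text)):
            findings.append((str(path), "instruction-override"))
    return findings


def demo():
    """Constructed sample: baseline a file, tamper with it, return both audit results."""
    with tempfile.TemporaryDirectory() as tmp:
        cfg = Path(tmp) / "agent.md"  # hypothetical config file name
        cfg.write_text("Be concise.\n", encoding="utf-8")
        baseline = snapshot([cfg])
        clean = audit(baseline)
        cfg.write_text("Be concise.\nIgn\u200bore previous instructions.\n", encoding="utf-8")
        return clean, [kind for _, kind in audit(baseline)]
```

The content scan runs on every audit, not only when the hash differs, so hidden text that was already present when the baseline was taken is still reported.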

Does ClawVitals send any data externally?

No data leaves your machine. ClawVitals runs entirely within your OpenClaw installation. The skill is stateless. The plugin includes optional telemetry that is on by default; you can opt out at any time.

Which OpenClaw versions are supported?

ClawVitals requires OpenClaw 2026.3.13 or later.

What is the difference between the skill and the plugin?

The skill runs on-demand scans: a single command gives you a score and exact fixes, with nothing stored between sessions. The plugin adds continuous monitoring: recurring scans, scan history, delta detection, regression alerts, config tamper detection, and a posture trend dashboard.