The openclaw security audit your built-in one doesn’t run.

Nemo is sandboxing. We recommend it. There are lots of other attack vectors. For those we recommend Trent. Just like we use security tools on top of containerised apps today.

The four most common risks are: (1) secrets stored in plaintext across configuration files and environment variables, (2) overly permissive access policies that give agents more filesystem and tool access than they need, (3) gateway configurations that expose agent endpoints beyond what’s intended, and (4) installed skills with tool permissions that give agents far more power than intended. Trent AI’s security assessment identifies each of these and maps them to the specific part of your setup that is affected.

A security assessment for OpenClaw is an automated audit of your agent environment. It analyzes your configuration and installed skills to identify risks like plaintext secrets, overpermissive access, and unsafe gateway exposure. Findings are grouped by severity (Critical, High, Medium, and Low) with recommended fixes you can apply directly in your OpenClaw host.

It audits your OpenClaw configuration, environment variables, and installed skills. It identifies secrets in plaintext, overly permissive access policies, unsafe gateway exposure, and tool permissions that give agents more power than intended. Each finding is mapped to the specific part of your setup that is affected.

Get an API key at trent.ai, install the skill with “clawhub install trentclaw”, set your key in the OpenClaw UI, then start a new agent session and ask “Audit my OpenClaw setup for security risks using trent.” Results appear within minutes.

You can view, revoke, or rotate keys anytime at app.trent.ai. If you lose access, sign in and create a new one, then re-run setup with the new key.

VirusTotal scans public skills on ClawHub for known malware. The built-in openclaw security audit checks your local configuration. Neither covers your custom code and skills. Trent’s security assessment does all three: it scans your OpenClaw configuration, public skills you’ve installed, and your custom code and skills, giving you full coverage in one audit.

trentclaw is Trent AI’s security assessment skill for the OpenClaw agent runtime. It runs directly inside OpenClaw and audits your configuration, environment variables, and installed skills for risks like plaintext secrets, overly permissive access policies, and unsafe gateway exposure. Findings appear inside OpenClaw, not in a separate dashboard or external console.

OpenClaw is the agent runtime, a third-party platform for running autonomous agents. trentclaw is Trent AI’s security skill that runs inside OpenClaw. OpenClaw is the host; trentclaw is one of the skills installed in it. OpenClaw is not built or operated by Trent.

No. trentclaw is self-serve. Create a Trent account, generate an API key, install the skill, and run your first audit. No approval queue.

Findings appear inside your OpenClaw environment, alongside the agent session that triggered the audit. There is no external Trent dashboard or separate console. The findings render where you already are, in OpenClaw.

Yes. trentclaw is open source. The source repository is at github.com/trnt-ai/trent-openclaw-security-assessment. It is distributed through ClawHub at clawhub.ai/trent-ai-release/trentclaw