OpenClaw Architecture
OpenClaw Architecture
Section titled “OpenClaw Architecture”The openclaw_architecture metric evaluates OpenClaw agent configuration (e.g. openclaw.json) for security, skill governance, observability, and supply chain risks.
Overview
Section titled “Overview”OpenClaw deployments can expose risks through:
- Config security: Gateway auth, discovery pinning, loopback binding, credentials, rate limiting
- Skill governance: Allowlists, human approval, sandbox, tool permissions, shadow MCP servers
- Observability: OTel plugin, audit logging, retention, GenAI semantic conventions, cost tracking, interruptibility, drift detection
- Supply chain: ClawHub provenance, virus scan, pinned MCP versions, source integrity, egress controls
This metric runs multiple detectors and produces axis scores plus an overall health score. Run arxo metrics registry --registry-format detailed to list all detector keys and possible values; the generated Keys and possible values page is built from that schema.
What It Measures
Section titled “What It Measures”- Config Security: Gateway auth when remote, discovery pinning, loopback binding, control UI exposure, credential storage, auth token strength, DM policy, rate limiting
- Skill Governance: Skill allowlist/denylist, self-modifying skill risk, human approval, tool poisoning, sandbox, exec security mode, agent tool over-permission, shadow MCP server
- Observability: OTel plugin, content capture, sample rate, audit log, log retention, GenAI semantic conventions, cost tracking, interruptibility, behavioral drift detection
- Supply Chain: ClawHub provenance, memory file write risk, metadata validation, virus scan, unpinned MCP version, skill source integrity, egress firewall, known malicious skill, typosquat names
arxo analyze --metric openclaw_architecture --path /path/to/openclaw-projectTo dump the full detector schema (for docs or tooling):
arxo metrics registry --registry-format detailed --output registry.json