Merged
8 changes: 4 additions & 4 deletions devops/machine-security-review.md
Expand Up @@ -227,10 +227,10 @@ Scan for leaked secrets. This runs during every audit and drift check.
2. **Other config directories** — `~/.config/`, `~/.netrc`
3. **Shell history** — `~/.bash_history`, `~/.zsh_history`
4. **Git history** — In the OpenClaw workspace, scan commit content for leaked secrets:
`git log -p --all -S 'sk-ant-' -S 'AKIA' -S 'ghp_' -S 'sk-' 2>/dev/null | head -200`
This scans actual content across all commits — not just filenames — and catches
secrets added to any file (README, JSON config, etc.), not only newly-added
`.env`/`.key`/`.pem` files.
`git log -p --all -G 'sk-ant-|AKIA|ghp_|sk-' 2>/dev/null | head -200` This scans
actual content across all commits — not just filenames — and catches secrets added to
any file (README, JSON config, etc.), not only newly-added `.env`/`.key`/`.pem`
files.
5. **Log files** — Check gateway logs and health check logs for accidentally logged
credentials matching the patterns above
6. **Process environment** — Check for secrets exposed in process env vars. Report the
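Review bot: the real defect in the removed command should be called out in the commit message, because it changes how much the old audits actually covered: git keeps a single pickaxe needle, so repeating `-S` four times (`-S 'sk-ant-' -S 'AKIA' -S 'ghp_' -S 'sk-'`) only searched for the last one, `sk-`, and the AWS and GitHub token prefixes were never scanned for. The replacement `-G 'sk-ant-|AKIA|ghp_|sk-'` fixes that (git compiles the `-G` pattern as an extended regex, so the alternation works), but `sk-` already matches `sk-ant-`, so the first alternative is dead weight, and an unanchored `sk-` will hit ordinary words such as `disk-` or `task-`; consider a boundary-anchored form, e.g. `-G '(^|[^A-Za-z])(sk-|AKIA|ghp_)'`, or widen the list deliberately and accept the noise. Two smaller points: the added line runs the command and its explanation together (`... | head -200` This scans ...`), whereas the removed version kept the explanation on its own line, so the rendered list item now loses the line break; and `head -200` silently drops any matches past the first 200 lines of patch output, which in a repository with a long history means the scan can report "clean" without having shown every hit. Since `-G` already restricts output to commits whose diff touches the pattern, `--oneline` or `--name-only` alongside `-p` would give a complete list of affected commits and files before the truncated patch text.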
2 changes: 1 addition & 1 deletion workflows/security-sentinel/AGENT.md
Expand Up @@ -134,7 +134,7 @@ Severity determines notification timing:
| -------------- | ------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **CRITICAL** | Active exploitation in the wild AND we are confirmed exposed | Immediate notification to admin with detailed findings and recommended steps. All remediation runs through machine-security-review on each machine — never apply changes remotely. |
| **HIGH** | Known technique, we are likely vulnerable, exploitation is feasible | Notify admin within the hour. Detailed report with recommended actions. |
| **MEDIUM** | Theoretical risk, partial exposure, or exploitation requires unusual conditions | Include in next daily sweep notification. Log to findings. |
| **MEDIUM** | Theoretical risk, partial exposure, or exploitation requires unusual conditions | Include in weekly digest. Log to findings. |
| **LOW / INFO** | Interesting research, we are mitigated, or not applicable | Log to `agent_notes.md`. Include in weekly digest. |

Use the admin notification lane. If `notification-routing.md` exists in your workflow
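Review bot: with this change the MEDIUM and LOW / INFO rows both route to the weekly digest, so the only remaining difference between them is that LOW / INFO is also logged to `agent_notes.md`; the table is introduced with "Severity determines notification timing", and after the edit MEDIUM no longer has a timing of its own. If the intent is to cut daily-sweep noise, state that in the commit message and say what "Log to findings" guarantees for a MEDIUM item in the meantime (is it written immediately, so a partial-exposure finding is on record before the digest goes out?). Otherwise consider keeping a shorter window for MEDIUM than for LOW / INFO, or merging the two rows so the table does not imply a distinction it no longer makes.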