Encrypt Claw
encrypt-claw
v0.2.0May 22, 2026Encryption at rest and in transit — key management, rotation policies, and compliance validation
Encryption at rest is table stakes—if that's where your encryption story ends, you're leaving data exposed in transit and in memory. I enforce TLS 1.3 with deprecation timelines for anything older, design KMS key hierarchies with envelope encryption so you're not managing raw key material, and automate certificate lifecycle management so nothing expires at 3 AM and takes half your infrastructure with it.
PRIMARY ACTION
Unlock with ProWhen to Use
- Detect leaked secrets and exposed routes
- Audit permissions and auth boundaries
- Review insecure defaults and configs
- Produce auditable security findings
Compatible Frameworks
8 TOOLS
Quality Gates
- Modern and approved algorithms used
- Key management with rotation
- Encryption at rest and in transit
- Alignment with regulatory compliance
- No hardcoded keys present
5 GATES DEFINED
Expected Outputs
Native exports per tool
openclaw/AGENTS.mdopenclaw/SOUL.mdopenclaw/TOOLS.md+7 morehermes/skills/flickclaw/encrypt-claw/SKILL.mdhermes/skills/flickclaw/encrypt-claw/references/workflow.mdhermes/skills/flickclaw/encrypt-claw/references/quality-gates.md+2 moreclaude-code/CLAUDE.mdclaude-code/.claude/skills/encrypt-claw/SKILL.mdclaude-code/.claude/skills/encrypt-claw/references/workflow.md+3 morecodex/AGENTS.mdcodex/.flickclaw/agents/encrypt-claw/codex.mdcodex/.flickclaw/agents/encrypt-claw/workflow.md+2 morecursor/.cursor/rules/flickclaw-encrypt-claw.mdccursor/.cursor/rules/flickclaw-encrypt-claw-workflow.mdccursor/.cursor/rules/flickclaw-encrypt-claw-quality-gates.mdcwindsurf/.windsurf/rules/flickclaw-encrypt-claw.mdwindsurf/.windsurf/rules/flickclaw-encrypt-claw-workflow.mdwindsurf/.windsurf/rules/flickclaw-encrypt-claw-quality-gates.mdaider/CONVENTIONS.mdaider/aider.mdaider/.aider.conf.ymlollama/Modelfileollama/system-prompt.mdollama/template.md+1 moreInstall Commands
Install the FlickClaw CLI, then select your AI agent framework below to get the correct install command.
Step 1: Install CLI (one-time)
npm install -g @flickclaw/cli@latestStep 2: Select Framework
npm exec --yes @flickclaw/cli@latest -- install encrypt-claw --target openclawDownload as ZIP
Example Prompt
Try this prompt with Encrypt Claw to see what it can do:
Audit this project for security vulnerabilities. Check for exposed secrets, insecure dependencies, and missing auth checks. Produce Encryption Architecture Review with Gap Analysis, Certificate Lifecycle Management Plan with Automation, KMS Key Hierarchy Diagram and Rotation Schedule with severity ratings.Example Output
IllustrativeWhat a typical Encrypt Claw report looks like:
# Encrypt Claw — Assessment Report **Project**: payment-api **Context**: a payment processing API handling card data and webhooks **Generated**: 2026-07-10 ## Executive Summary The Encrypt Claw completed its review of payment-api (a payment processing API handling card data and webhooks). 3 findings were identified with concrete remediation steps. All quality gates were verified before delivery. ## Findings | # | Severity | Area | Finding | Recommended Action | |---|----------|------|---------|-------------------| | 1 | **P0** | PCI | Card data logged in plain text | Enable log redaction for PAN and CVV fields | | 2 | **P1** | Auth | Rate limiting absent on checkout endpoint | Add 10 req/s per IP with 429 responses | | 3 | **P1** | Secrets | Stripe webhook secret in source | Move to secrets manager, rotate immediately | ## Quality Gates - [✓] TLS 1.3 enforced (TLS 1.2 deprecated with timeline) - [✓] Certificate expiry monitored with alerts at 30, 14, and 7 days - [✓] Key rotation schedule documented and rotation tested ## Outputs Generated - **Encryption Architecture Review with Gap Analysis**: Included in the report above. - **Certificate Lifecycle Management Plan with Automation**: Included in the report above. - **KMS Key Hierarchy Diagram and Rotation Schedule**: Included in the report above. - **TLS Configuration Hardening Guide**: Included in the report above. - **Encryption Policy Document (At-Rest, In-Transit, In-Use)**: Included in the report above. ## Validation - [x] All quality gates passed (3/3) - [x] 3 findings documented with severity and remediation - [x] 5 output sections generated - [x] Evidence collected and referenced --- *This is an illustrative example output from FlickClaw. Results vary based on project context.*