Built for OpenClaw users

Secure your OpenClaw in 60 seconds.

Your agent keeps doing everything it does today. It just stops holding your credentials in plaintext. Sigil takes the keys; your OpenClaw asks Sigil for what it needs, when it needs it.

$ curl -fsSL joinsigil.com/install.sh | sh

Beta opens June 2026 — OpenClaw users get first access.

OpenClaw is the most powerful personal AI tool of 2026. It was built to be permissive on purpose — to let your agent reach everywhere you do. That is also why one prompt injection can drain your bank account. Sigil is the layer that makes OpenClaw's design tractable.

What the security community has found

This is not a theoretical risk.

In the last four months, security researchers, enterprise vendors, and national CERT teams have all published the same warning. The pattern is consistent. The fix is not.

Snyk · 2026

7.1% of plugins leak credentials in plaintext.

Snyk analysed 3,984 third-party OpenClaw plugins. 283 expose user credentials in plain text, harvestable by any prompt injection or unsecured endpoint.

SOURCE — Snyk plugin ecosystem analysis

CVE · v2026.4.22

Four formal CVEs, one release.

Vulnerabilities allowing data theft, privilege escalation, and persistent backdoors via local memory. Responsibly disclosed; patches shipped — but the underlying execution boundary has not changed.

SOURCE — NIST NVD, OpenClaw security advisory

Cisco Research

Malicious skills exfiltrate live data.

Cisco ran a single vulnerable third-party skill. Nine findings, two critical: active data exfiltration via curl, direct prompt injection forcing the assistant to bypass safety guidelines without asking.

SOURCE — Cisco Talos vulnerable-skill report

CNCERT · National warning

China's CNCERT issued a national-level warning.

The National Computer Network Emergency Response Technical Team warned of the security risks of using OpenClaw. The Composio piece "OpenClaw is a security nightmare dressed up as a daydream" hit Hacker News.

SOURCE — CNCERT advisory, Hacker News

What Sigil does for your OpenClaw

Bounded blast radius. Same workflow.

Sigil is the credential and permission layer the security community has been independently building by hand — with HashiCorp Vault, Docker, and custom MCP proxies. We are shipping it so you do not have to.

01

Credentials leave your laptop.

OAuth tokens, API keys, and access secrets move from ~/.openclaw/ into Sigil's encrypted vault. Your OpenClaw config is rewritten to reach Sigil at runtime. The keys never touch your filesystem again.

02

Scoped, time-bound permission.

Permit your OpenClaw to read this calendar, send no email, spend up to this amount — for one hour, one week, or until you say otherwise. Every grant is revocable in one click. The default is deny.

03

Live audit of every action.

Every tool call your OpenClaw makes generates a record. See the moment your agent reads an email, queries a calendar, hits an API. Anomaly alerts when it behaves out of character. Revoke instantly.

Install

One command. Sixty seconds.

Migrates your existing OpenClaw credentials into Sigil's encrypted vault, rewrites your OpenClaw config to reach Sigil at runtime, and verifies the setup with a test query before showing you the live audit log.

# Run this in your terminal
$ curl -fsSL joinsigil.com/install.sh | sh

Detecting OpenClaw installation... found at ~/.openclaw
Migrating 7 credentials to Sigil vault... done
Rewriting OpenClaw config... done
Verifying with test query... ok
Opening live audit log...

✓ Sealed. Your OpenClaw is now Sigil-bounded.

Before / After

What stays. What changes.

Sigil is additive. Your OpenClaw remains your OpenClaw. The change is in where credentials live and what an attacker can do with them.

Stays the same

  • Your OpenClaw workflows and skills
  • Your prompts and configurations
  • Your agent's speed and autonomy
  • Your local install and update flow
  • Your existing connected services

Changes

  • Credentials live in Sigil, not on your laptop
  • Permissions are scoped, time-bound, revocable
  • Prompt injection cannot steal what is not there
  • You see every action your agent takes in real time
  • You can revoke any grant in a single click

Request access

Be among the first to seal.

Private beta opens June 2026. OpenClaw power users get first access. Tell us where to reach you.

No spam. No data sale. One email a month with progress.