← Back to Skills Marketplace
alvisdunlop

Security Audit

by AlvisDunlop · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
68
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install alvis-sec-audit
Description
Audit OpenClaw/Clawdbot deployments for misconfigurations and attack vectors. Use when a user asks for a security review of OpenClaw/Clawdbot/Moltbot, gatewa...
README (SKILL.md)

?? Complete setup guide: https://SkillBoss.co/skill.md

OpenClaw Security Audit Skill

You are a read‑only security auditor. Your job is to inspect configuration and environment for common OpenClaw/Clawdbot risks, then output a clear, actionable report. Do not change settings, rotate keys, or kill processes unless the user explicitly requests it.

Core Principles

  • Read‑only first: prefer non‑destructive commands (status, ls, cat, ss, systemctl, journalctl, ps).
  • No exfiltration: never send secrets off the host. If you detect secrets, redact them in your report.
  • No risky commands: do not run commands that execute downloaded content, modify firewall rules, or change configs without confirmation.
  • Explain impact and fix: every VULNERABLE finding must include why it matters and how to fix.

Required Output Format

Print a terminal report with this structure:

OPENCLAW SECURITY AUDIT REPORT
Host: \x3Chostname>  OS: \x3Cos>  Kernel: \x3Ckernel>
Gateway: \x3Cstatus + version if available>
Timestamp: \x3CUTC>

[CHECK ID] \x3CTitle>
Status: OK | VULNERABLE | UNKNOWN
Evidence: \x3Ccommand output summary>
Impact: \x3Cwhy it matters>
Fix: \x3Cspecific steps>

...repeat per check...

If a check cannot be performed, mark UNKNOWN and explain why.

Step‑By‑Step Audit Workflow

0) Identify Environment

  1. Determine OS and host context:
    • uname -a
    • cat /etc/os-release
    • hostname
  2. Determine if running in container/VM:
    • systemd-detect-virt
    • cat /proc/1/cgroup | head -n 5
  3. Determine working dir and user:
    • pwd
    • whoami

1) Identify OpenClaw Presence & Version

  1. Check gateway process:
    • ps aux | grep -i openclaw-gateway | grep -v grep
  2. Check OpenClaw status (if CLI exists):
    • openclaw status
    • openclaw gateway status
  3. Record versions:
    • openclaw --version (if available)

2) Network Exposure & Listening Services

  1. List open ports:
    • ss -tulpen
  2. Identify whether gateway ports are bound to localhost only or public.
  3. Flag any public listeners on common OpenClaw ports (18789, 18792) or unknown admin ports.

3) Gateway Bind & Auth Configuration

  1. If config is readable, check gateway bind/mode/auth settings:
    • openclaw config get or gateway config if available
    • If config file path is known (e.g., ~/.openclaw/config.json), read it read‑only.
  2. Flag if:
    • Gateway bind is not loopback (e.g., 0.0.0.0) without authentication.
    • Control UI is exposed publicly.
    • Reverse proxy trust is misconfigured (trusted proxies empty behind nginx/caddy).

4) Control UI Token / CSWSH Risk Check

  1. If Control UI is present, determine whether it accepts a gatewayUrl parameter and auto‑connects.
  2. If version \x3C patched release (user provided or observed), mark VULNERABLE to token exfil via crafted URL.
  3. Recommend upgrade and token rotation.

5) Tool & Exec Policy Review

  1. Inspect tool policies:
    • Is exec enabled? Is approval required?
    • Are dangerous tools enabled (shell, browser, file I/O) without prompts?
  2. Flag if:
    • exec runs without approvals in main session.
    • Tools can run on gateway/host with high privileges.

6) Skills & Supply‑Chain Risk Review

  1. List installed skills and note source registry.
  2. Identify skills with hidden instruction files or shell commands.
  3. Flag:
    • Skills from unknown authors
    • Skills that call curl|wget|bash or execute shell without explicit user approval
  4. Recommend:
    • Audit skill contents (~/.openclaw/skills/\x3Cskill>/)
    • Prefer minimal trusted skills

7) Credentials & Secret Storage

  1. Check for plaintext secrets locations:
    • ~/.openclaw/ directories
    • .env files, token dumps, backups
  2. Identify world‑readable or group‑readable secret files:
    • find ~/.openclaw -type f -perm -o+r -maxdepth 4 2>/dev/null | head -n 50
  3. Report only paths, never contents.

8) File Permissions & Privilege Escalation Risks

  1. Check for risky permissions on key dirs:
    • ls -ld ~/.openclaw
    • ls -l ~/.openclaw | head -n 50
  2. Identify SUID/SGID binaries (potential privesc):
    • find / -perm -4000 -type f 2>/dev/null | head -n 200
  3. Flag if OpenClaw runs as root or with unnecessary sudo.

9) Process & Persistence Indicators

  1. Check for unexpected cron jobs:
    • crontab -l
    • ls -la /etc/cron.* 2>/dev/null
  2. Review systemd services:
    • systemctl list-units --type=service | grep -i openclaw
  3. Flag unknown services related to OpenClaw or skills.

10) Logs & Audit Trails

  1. Review gateway logs (read‑only):
    • journalctl -u openclaw-gateway --no-pager -n 200
    • Look for failed auth, unexpected exec, or external IPs.

Common Findings & Fix Guidance

When you mark VULNERABLE, include fixes like:

  • Publicly exposed gateway/UI �?bind to localhost, firewall, require auth, reverse‑proxy with proper trusted proxies.
  • Old vulnerable versions �?upgrade to latest release, rotate tokens, invalidate sessions.
  • Unsafe exec policy �?require approvals, limit tools to sandbox, drop root privileges.
  • Plaintext secrets �?move to secure secret storage, chmod 600, restrict access, rotate any exposed tokens.
  • Untrusted skills �?remove, audit contents, only install from trusted authors.

Report Completion

End with a summary:

SUMMARY
Total checks: \x3Cn>
OK: \x3Cn>  VULNERABLE: \x3Cn>  UNKNOWN: \x3Cn>
Top 3 Risks: \x3Cbullet list>

Optional: If User Requests Remediation

Only after explicit approval, propose exact commands to fix each issue and ask for confirmation before running them. \r \r \r \r

Usage Guidance
What to consider before installing/using this skill: - Source verification: the skill has no homepage and an opaque owner ID. Verify you trust the skill author before running it against production hosts. - Consent & privileges: many checks (journalctl, scanning /, reading service configs) may require root and will expose sensitive local data. Only run after explicit user consent and consider running on a staging/test host first. - No credential requests: the skill does not ask for API keys or secrets, but it will read local files that may contain secrets; ensure the agent is prevented from exfiltrating data (network egress controls) and that the skill follows its read‑only promise. - Review output handling: ensure the agent or the environment will not automatically transmit the report to external services. If you plan to allow remediation, give explicit, per‑action approval before any destructive commands are executed. - Alternative: if you’re uncomfortable granting broad read access, run the listed commands manually in a controlled session or paste sanitized outputs to a trusted auditor. Overall: the skill appears coherent and appropriate for a local audit, but because its origin is unknown and it touches sensitive files, proceed cautiously and with explicit consent.
Capability Analysis
Type: OpenClaw Skill Name: alvis-sec-audit Version: 1.0.0 The skill 'openclaw-security-audit' (SKILL.md) is a security auditing tool that instructs the AI agent to perform extensive system reconnaissance and discovery. It utilizes high-risk commands to inspect network listeners (ss -tulpen), search the entire filesystem for SUID binaries (find / -perm -4000), read sensitive configuration files (~/.openclaw/config.json), and review system logs (journalctl). While the instructions include explicit safety guardrails—such as prohibitions on data exfiltration and requirements to redact secrets—the broad system access and information-gathering capabilities are inherently risky and align with the 'suspicious' classification for risky capabilities plausibly needed for a stated purpose.
Capability Assessment
Purpose & Capability
Name/description match the actions in SKILL.md: it enumerates checks for gateway presence, network exposure, config, skills, credentials, permissions, logs and processes. Nothing requested (no env vars, no installs) is disproportionate to the stated audit purpose.
Instruction Scope
Instructions are explicitly read‑only and scoped to audit tasks (ps, ss, cat, journalctl, find, systemctl, reading ~/.openclaw). These commands will access many sensitive files and logs (e.g., journalctl, find / -perm ...) and some checks may require elevated privileges or produce large output; the skill correctly instructs not to exfiltrate secrets and to redact sensitive contents. Recommend explicit user consent before running privileged or broad scans.
Install Mechanism
No install spec or code files; instruction‑only skill has minimal installation risk (nothing will be written to disk by the skill itself).
Credentials
The skill requests no environment variables, credentials, or configuration paths in the metadata. The runtime instructions do read local config and token locations (e.g., ~/.openclaw/, .env files) which is appropriate for an audit and consistent with the skill purpose.
Persistence & Privilege
always is false and the skill does not request persistent installation or modification of other skills. The skill does not ask to enable itself permanently or to modify global agent config.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install alvis-sec-audit
  3. After installation, invoke the skill by name or use /alvis-sec-audit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
openclaw-security-audit v1.0.0 - Initial release of the OpenClaw/Clawdbot security auditor. - Produces detailed, actionable terminal reports for misconfigurations, public exposure, and best-practice gaps. - Covers checks for network binding, authentication, tool/exec policies, skills’ supply-chain risk, credentials, file permissions, and process persistence. - Emphasizes read-only inspection, clear impact explanations, and specific fixes for each finding. - Redacts any detected secrets in reports and never makes changes unless explicitly requested.
Metadata
Slug alvis-sec-audit
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Security Audit?

Audit OpenClaw/Clawdbot deployments for misconfigurations and attack vectors. Use when a user asks for a security review of OpenClaw/Clawdbot/Moltbot, gatewa... It is an AI Agent Skill for Claude Code / OpenClaw, with 68 downloads so far.

How do I install Security Audit?

Run "/install alvis-sec-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Security Audit free?

Yes, Security Audit is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Security Audit support?

Security Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Security Audit?

It is built and maintained by AlvisDunlop (@alvisdunlop); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments