← Back to Skills Marketplace
303
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install clawgears-securityaudit
Description
Conduct security audits for OpenClaw-based AI assistants on macOS to detect exposure risks, weak tokens, sensitive commands, and IP leaks.
README (SKILL.md)
ClawGears Security Audit Skill
Overview
ClawGears is a security audit tool for OpenClaw/MoltBot/ClawdBot users on macOS. It helps detect and fix security vulnerabilities that could expose your AI assistant to the public internet.
🌟 New in v1.4.0: Context-Aware Risk Explanations
Instead of one-size-fits-all "best practices", ClawGears now provides scenario-based risk analysis:
- Each check explains what it protects and real impact by scenario
- Recommendations are graded: 🔴必须 / 🟠建议 / 🟡可选 / ⚪评估后决定
- Legitimate reasons to not fix are acknowledged
- Alternative compensating measures are suggested
Use this skill when:
- User asks about OpenClaw security
- User wants to check if their AI assistant is exposed
- User mentions "裸奔" (Chinese), "むき出し" (Japanese), "expuesto" (Spanish) or security concerns
- User wants to audit their OpenClaw configuration
- User asks about IP leak detection
Supported Languages: ClawGears README is available in 7 languages:
- 🇬🇧 English | 🇨🇳 中文 | 🇩🇪 Deutsch | 🇫🇷 Français | 🇮🇹 Italiano | 🇯🇵 日本語 | 🇪🇸 Español
⚠️ Requirements & Dependencies
System Binaries Required
| Binary | Purpose |
|---|---|
python3 |
JSON parsing |
curl |
HTTP requests, IP detection |
lsof |
Port and process inspection |
pgrep / pkill |
Process management |
openssl |
Token generation |
socketfilterfw |
macOS firewall control (/usr/libexec/ApplicationFirewall/socketfilterfw) |
Platform
- macOS only - Uses macOS-specific tools and paths
📁 Files Accessed
Read Operations
| Path | Purpose |
|---|---|
~/.openclaw/openclaw.json |
OpenClaw configuration (token, gateway settings) |
~/.openclaw/logs/ |
Gateway logs for anomaly detection |
/Library/Application Support/com.apple.TCC/TCC.db |
macOS TCC database (Full Disk Access, Accessibility) |
~/Library/Application Support/com.apple.TCC/TCC.db |
User-level TCC database |
Write Operations
| Path | Purpose |
|---|---|
./history/ |
Audit result storage (JSON, HTML reports) |
./reports/ |
Generated audit reports |
~/.openclaw/openclaw.json |
Configuration fixes (with --fix flag only) |
🌐 Network Calls
External Services (IP Detection)
| Domain | Purpose | Data Sent |
|---|---|---|
api.ipify.org |
Public IP detection | None (GET request) |
icanhazip.com |
Public IP detection (fallback) | None |
ifconfig.me/ip |
Public IP detection (fallback) | None |
External Services (Leak Detection)
| Domain | Purpose | Data Sent |
|---|---|---|
openclaw.allegro.earth |
OpenClaw exposure database check | Your public IP |
search.censys.io |
Censys scan database (link only, manual check) | None from script |
www.shodan.io |
Shodan scan database (link only, manual check) | None from script |
🔐 Privacy Notice
Before running this skill, please be aware:
-
IP Transmission: Your public IP address will be sent to:
api.ipify.org(or fallback services) for IP detectionopenclaw.allegro.earthfor exposure database check
-
Local File Access: This skill reads:
- Your OpenClaw configuration (including tokens)
- macOS TCC permission database
- Gateway logs
-
System Changes: The
interactive-fix.shscript can:- Modify OpenClaw configuration
- Generate new tokens
- Restart Gateway service
- Require
sudofor firewall changes
-
Recommendation: Review scripts before running. Run
quick-check.shfirst (read-only) before applying any fixes.
Security Risks Explained
Use this section to understand each risk, its actual impact, and whether it applies to your situation.
| Risk | What It Protects | Real Impact | Fix Priority |
|---|---|---|---|
| Gateway exposed | Prevent unauthorized access to your AI assistant | 🔴 Critical - Anyone on the internet can control your AI. Fix immediately if exposed. | Weak token |
| - ✅ Enable if Mac is portable or in shared spaces | |||
| - ⚠️ OK to disable if you need remote restart control (e.g., for Mac-to-Mac sync) | |||
| - If disabled, consider physical security measures instead | |||
| IP in leak database | Check if already exposed | 🟠 High - Your IP is in a public exposure database. Check before panicking: | |
| - If you've been using OpenClaw for a while without issues, it IP may have been indexed already. | |||
| - If you just started, use the tool: do a quick check and not a leak. | |||
| iCloud sync enabled | Prevent sensitive data cloud sync | 🟡 Low - iCloud may sync Documents, Desktop, Pictures by default. Evaluate based on your needs: | |
| - ✅ Enable if you store sensitive data in these folders | |||
| - ⚠️ OK to disable if you don't store sensitive data in these locations | |||
| - If disabled, consider using .gitignore for excluding patterns | |||
| SIP disabled | Protect system integrity | 🟡 Low - System-level protections are reduced. **Usually OK to keep enabled, - Only disable if you have a specific, legitimate reason (e.g., development, testing) | |
| - If disabled, be extra cautious about what you install |
Quick Security Check
Run a fast 5-second security audit (read-only, safe to run):
./scripts/quick-check.sh
This checks:
- Gateway network exposure
- Token strength
- Command injection protection
- TCC permissions
- Firewall status
Full Security Audit
Run comprehensive security check:
./scripts/generate-report.sh --format html --output ./reports
IP Leak Detection
Check if user's IP has been exposed in security databases:
./scripts/ip-leak-check.sh --all
Checks 3 databases:
- openclaw.allegro.earth - OpenClaw specific exposure database
- Censys - Internet-wide scanning database (https://search.censys.io)
- Shodan - IoT and service scanning database (https://www.shodan.io)
Interactive Fix
⚠️ Requires explicit user consent before running
Automatically fix common security issues:
./scripts/interactive-fix.sh
Options:
--bind- Rebind Gateway to localhost--token- Generate new strong token--deny- Add sensitive commands to deny list--restart- Restart Gateway service--all- Fix all issues
Workflow
When user asks about security:
-
First, run quick check to identify issues (read-only):
./scripts/quick-check.sh -
If issues found, explain risks and ask for consent before fixing:
./scripts/interactive-fix.sh --all -
Check IP exposure:
./scripts/ip-leak-check.sh --all -
Generate report for records:
./scripts/generate-report.sh --format html
Output Interpretation
Quick Check Results
| Symbol | Meaning |
|---|---|
| ✅ PASS | Security check passed |
| ⚠️ WARN | Warning, review recommended |
| ❌ FAIL | Critical issue, fix immediately |
IP Leak Results
| Result | Action |
|---|---|
| IP NOT in database | Continue monitoring |
| IP FOUND in database | URGENT: Close public access, regenerate tokens |
Important Reminders
- Always recommend running quick check first (read-only, safe)
- Explain risks in plain language before fixing
- Ask for explicit consent before running interactive-fix.sh
- Suggest periodic checks (weekly or after config changes)
- Warn about the 220,000+ exposed OpenClaw instances
Statistics
Over 220,000 OpenClaw instances are publicly exposed. Many API keys have already leaked to hacker databases.
Related Links
- GitHub: https://github.com/JinHanAI/ClawGears
- ClawHub: https://clawhub.ai
License
MIT-0 (ClawHub Platform License)
Usage Guidance
This tool appears to do what it says: check OpenClaw exposures and optionally fix configuration. Before running: 1) Review the bundled scripts (quick-check.sh and interactive-fix.sh) so you understand each change. 2) Run quick-check.sh first (read-only). 3) Be aware the audit will read ~/.openclaw/openclaw.json (may contain tokens) and macOS TCC DB; it will send your public IP to openclaw.allegro.earth and public IP services — only run those checks if you trust that external service. 4) Back up ~/.openclaw (the interactive fixer already creates backups) and ensure you can restore service if changes are applied. 5) Expect some fixes to require sudo (firewall) and the ability to restart the gateway binary. 6) Consider running in an isolated or test machine if you're uncomfortable with automatic fixes. Finally, the registry metadata should be updated to list the required binaries (python3, curl, lsof, pgrep/pkill, openssl, socketfilterfw); the mismatch is benign but worth correcting.
Capability Analysis
Type: OpenClaw Skill
Name: clawgears-securityaudit
Version: 1.0.2
ClawGears is a security auditing and hardening tool for OpenClaw users on macOS. It performs legitimate security checks, such as verifying port bindings (via `lsof`), token entropy, and macOS system protections like SIP, FileVault, and the Application Firewall. The bundle includes scripts for generating reports (`generate-report.sh`), performing interactive fixes (`interactive-fix.sh`), and checking for IP exposure (`ip-leak-check.sh`). While the tool transmits the user's public IP to external services (e.g., `api.ipify.org` and `openclaw.allegro.earth`) to detect leaks, this behavior is explicitly documented in the `SKILL.md` privacy notice and aligns with the tool's stated purpose. No evidence of malicious intent, hidden data exfiltration, or unauthorized persistence was found.
Capability Assessment
Purpose & Capability
The skill's name/description (macOS OpenClaw security audit) matches the code and SKILL.md: it inspects OpenClaw config, logs, macOS TCC database, checks firewall/FileVault/SIP, tests ports, and can apply fixes. Minor inconsistency: registry metadata listed no required binaries, but SKILL.md explicitly requires macOS tools (python3, curl, lsof, pgrep/pkill, openssl, socketfilterfw). That mismatch should be corrected but does not indicate malicious intent.
Instruction Scope
Runtime instructions and bundled scripts operate within the stated audit/fix scope: reading ~/.openclaw/openclaw.json and gateway logs, querying public-IP services, checking TCC DB, running lsof/pgrep, and optionally modifying the OpenClaw config and firewall. No instructions attempt to read unrelated system secrets or contact unexpected external endpoints beyond the stated exposure checks.
Install Mechanism
There is no external install/download step; code is bundled with the skill (shell scripts). No archive downloads or obscure external installers are used. Because scripts are shipped with the skill, they will run locally when invoked — review the included scripts before execution.
Credentials
The skill requests no environment variables, which is appropriate. It does, however, read highly sensitive local artifacts (OpenClaw config which may contain tokens, TCC.db entries) and sends your public IP to openclaw.allegro.earth (and uses public IP services like api.ipify.org). Those actions are proportionate to an exposure audit but are privacy-sensitive — the SKILL.md does disclose this. Confirm you trust the external exposure service before running checks that contact it.
Persistence & Privilege
always:false and default autonomous invocation are used (normal). The skill may modify only OpenClaw config files in ~/.openclaw, create local report/history files, restart the gateway process, and request sudo for firewall changes — all are within its stated remit. It does not request system-wide persistent privileges beyond these expected actions.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install clawgears-securityaudit - After installation, invoke the skill by name or use
/clawgears-securityaudit - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
- Added scripts/system-security-check.sh for enhanced system-level security auditing.
- Updated documentation to clarify risk explanations and supported use cases.
- No breaking changes; core functionality remains unchanged.
v1.0.1
**Expanded requirements, dependencies, privacy, and consent guidance:**
- Added detailed lists of required system binaries, platform limitations, and files accessed (read/write).
- Documented all external network calls and what data is sent.
- Introduced a Privacy Notice section, clearly explaining what information is transmitted and which local files are accessed.
- Stated that "interactive-fix" requires explicit user consent before making changes.
- Provided improved instructions marking "quick-check" as safe/read-only, and advised reviewing scripts before running fixes.
- Other skill functions and workflow remain unchanged.
v1.0.0
Initial release of the ClawGears Security Audit Skill:
- Provides automated security auditing for OpenClaw/MoltBot/ClawdBot on macOS.
- Detects critical risks, including gateway exposure, weak tokens, sensitive command access, and IP leaks.
- Includes quick and full security audit scripts, IP leak checks, and interactive auto-fix options.
- Offers easy-to-understand results and step-by-step workflows for users concerned about security.
- Emphasizes best practices, with guidance on immediate actions if vulnerabilities are found.
Metadata
Frequently Asked Questions
What is ClawGears?
Conduct security audits for OpenClaw-based AI assistants on macOS to detect exposure risks, weak tokens, sensitive commands, and IP leaks. It is an AI Agent Skill for Claude Code / OpenClaw, with 303 downloads so far.
How do I install ClawGears?
Run "/install clawgears-securityaudit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is ClawGears free?
Yes, ClawGears is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does ClawGears support?
ClawGears is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created ClawGears?
It is built and maintained by JinHanAI (@jinhanai); the current version is v1.0.2.
More Skills