← Back to Skills Marketplace
Secucheck
by
Joonyoung Park
· GitHub ↗
· v2.8.0
3239
Downloads
4
Stars
1
Active Installs
15
Versions
Install in OpenClaw
/install secucheck
Description
Comprehensive security audit for OpenClaw. Scans 7 domains (runtime, channels, agents, cron, skills, sessions, network), supports 3 expertise levels, context-aware analysis, and visual dashboard. Read-only with localized reports.
Usage Guidance
What to check before installing or running secucheck:
1) Inspect scripts before execution — open scripts/full_audit.sh, serve_dashboard.sh, and all gather_*.sh to verify they only run read-only commands (ip/ss/netstat, reading ~/.openclaw config, etc.). Look specifically for network download commands (curl/wget), encoded payloads (base64, xxd), or destructive commands (rm -rf, dd, mkfs).
2) Confirm the dashboard binding behavior — examine serve_dashboard.sh to see which address it binds to (localhost vs 0.0.0.0 vs specific LAN IP) and which port it uses. If it binds to non-localhost, consider changing it to localhost or running it inside an isolated container/VM.
3) Review SKILL.md prompt text for the injection phrases flagged; remove or sanitize any language that could be interpreted by the agent as instruction overrides. Treat any embedded 'you are now' / 'ignore previous' style phrases as suspicious.
4) Run the skill in an isolated environment first (container or throwaway VM) and with no elevated privileges. Do not run it as root; the checks themselves warn of high risk when OpenClaw runs as root. Prefer a non-root account with read-only access to the OpenClaw config copy.
5) Verify provenance and metadata — the package has no homepage and source is unknown; confirm the author and repository, and resolve the internal version mismatch before trusting it in production.
6) If you want the report accessible remotely, explicitly consent and secure it (HTTPS, auth, or Tailscale). Avoid automatically advertising a LAN URL to users/devices that shouldn't access it.
If you are unsure, mark this skill as untrusted until a manual code review is completed or ask the author for a signed release/source repository. Running audits is reasonable, but the mismatches and prompt-injection indicators mean you should not run this skill unattended on sensitive systems.
Capability Analysis
Type: OpenClaw Skill
Name: secucheck
Version: 2.8.0
The skill is designed for security auditing, requiring broad permissions. It declares `exec: true` in `skill.json` and uses it across multiple scripts to run system commands, including `sudo` for privilege checks. The `serve_dashboard.sh` script starts a Python HTTP server bound to `0.0.0.0` on port 8766, making the generated report accessible on the local network. While these capabilities are plausibly needed for a comprehensive security audit and the skill includes safeguards like redacting sensitive data and requiring explicit user confirmation for fixes, the presence of such high-risk capabilities without clear malicious intent falls under the 'suspicious' classification as per the defined threshold.
Capability Assessment
Purpose & Capability
Name/description claim a read-only security auditor — that aligns with the included checks and dashboard. However the SKILL.md and scripts clearly read local OpenClaw config and runtime state (e.g. ~/.openclaw, network interfaces), yet the registry metadata declares no required config paths or credentials. Also _meta.json version (2.7.0) inside the package does not match registry metadata (2.8.0). These mismatches reduce traceability and make it harder to confirm the skill's provenance.
Instruction Scope
Agent instructions run a packaged full_audit.sh and then serve a dashboard using serve_dashboard.sh. The SKILL.md explicitly instructs using the LAN-accessible `url` (not localhost) when reporting the dashboard. That encourages exposing an HTML report to the local network. The SKILL.md also declares auto-trigger conditions (on skill install / agent/crons changes). Prompt-injection patterns were detected inside SKILL.md, indicating the skill text may contain phrases meant to override or manipulate the agent's normal instruction handling. All of this expands the runtime scope beyond a simple, passive audit.
Install Mechanism
No external install/download steps — scripts and templates are bundled with the skill. No network-install URLs or extract operations in the manifest were found. That reduces supply-chain risk compared with remote downloads.
Credentials
The skill declares no required env vars or config paths, but its checks and scripts are explicitly intended to read OpenClaw configuration, session directories, network interfaces, and credential locations (e.g. ~/.openclaw paths referenced in the documentation). That is a mismatch: the skill will access potentially sensitive local files without having them declared in metadata. The README/checks also suggest reading tokens and credential files for permission checks, which is reasonable for an auditor but should be explicit in metadata and user consent.
Persistence & Privilege
The package metadata does not request always:true and doesn't declare persistent system changes; the skill claims 'read-only' and 'never modifies configuration automatically'. However SKILL.md instructs auto-triggering on events (skill install, agent changes, cron changes) and to automatically start a local server and report a LAN IP. Autonomous invocation is allowed (default) — combined with the auto-trigger behavior and LAN-serving dashboard, this increases the practical blast radius if misused. No direct evidence of modifying other skills or system-wide settings was found.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install secucheck - After installation, invoke the skill by name or use
/secucheck - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.8.0
secucheck 2.8.0
- Improved handling and documentation for failed security checks by adding platform-specific fallback commands.
- Enhanced cross-platform compatibility with clearer instructions for Linux, macOS, WSL, Windows, and DSM environments.
- Expanded agent instructions on fallback procedures for minimal environments and missing tools.
- Documentation updates in SKILL.md for platform detection fields and fallback workflow.
- No core features changed; this is a workflow and documentation enhancement release.
v2.7.1
Fix: Use LAN IP instead of localhost for dashboard URL guidance
v2.7.0
Dashboard v2: Inter + JetBrains Mono fonts, larger text (16px base), working expand/collapse with arrow indicator, professional security aesthetic, fixed ClawHub link.
v2.6.0
Simplified dashboard: Clean monochrome dark theme, no gradients/animations. Localized templates (ko, en, ja, zh). Professional security aesthetic.
v2.5.0
Dashboard redesign: Modern dark theme with gradients, better typography, Info count added, improved mobile layout, animated score circle, color-coded finding items.
v2.4.0
Dashboard now uses full_audit.sh output directly. Findings synchronized between text report and dashboard. Category-based sections with proper severity badges.
v2.3.2
Dashboard now returns local IP URL for remote access (not just localhost).
v2.3.1
Report format: Organize findings by category (Runtime, Agents, Workspace, Skills, Channels, Network). Auto-open dashboard after text report.
v2.3.0
Enhanced agent analysis: Scans SOUL.md files for risky patterns, checks agent directory permissions, scans AGENTS.md for security-relevant patterns (exec, sudo, automation). Workspace file inventory added.
v2.2.0
Cross-platform support: Linux, macOS, WSL, DSM, Windows. Added OS detection (os_variant, in_wsl, in_dsm). Failed checks tracking with fallback commands guide. Agent can supplement with platform-specific commands.
v2.1.9
Fixed: Use bash explicitly for script calls. ClawHub strips executable permissions during publish/install.
v2.1.8
Added YAML frontmatter with summary for ClawHub display. All internal processing in English, localized final reports only.
v2.1.7
All internal processing in English. Added Summary section, Trust Hierarchy, Incident Response reference, Security Assessment Questions. Localized output only for final user-facing report.
v1.1.0
Added runtime checks, dashboard support, full_audit script
v1.0.0
Initial release of secucheck: OpenClaw Security Audit skill.
- Provides comprehensive security checks for channels, agents, cron jobs, skills, sessions, network, and runtime environment.
- Supports 3 explanation levels (beginner, intermediate, expert) with tailored outputs in Korean and English.
- Offers visual HTML dashboard reports and direct browser viewing.
- Auto-triggers security reviews on skill/agent/cron job changes.
- Includes risk analysis matrix, context-aware exceptions, and clear, user-confirmed remediation guidance.
- Advanced finding formatting and scenario-based explanations.
Metadata
Frequently Asked Questions
What is Secucheck?
Comprehensive security audit for OpenClaw. Scans 7 domains (runtime, channels, agents, cron, skills, sessions, network), supports 3 expertise levels, context-aware analysis, and visual dashboard. Read-only with localized reports. It is an AI Agent Skill for Claude Code / OpenClaw, with 3239 downloads so far.
How do I install Secucheck?
Run "/install secucheck" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Secucheck free?
Yes, Secucheck is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Secucheck support?
Secucheck is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Secucheck?
It is built and maintained by Joonyoung Park (@jooneyp); the current version is v2.8.0.
More Skills