Downloads: 161 | Stars: 0 | Active Installs: 0 | Versions: 1
Install in OpenClaw
/install security-auditor-tk
Description
Run security audits on Linux servers, web applications, and cloud infrastructure. Checks SSH hardening, firewall rules, open ports, SSL/TLS config, file perm...
Usage Guidance
This skill appears coherent and is a typical instruction-only security auditor, but be careful before allowing any suggested commands to execute:
1) Review all recommended fix commands before running them — many are destructive or change authentication (sed edits, systemctl, mount remount).
2) Run audits in a safe environment or snapshot/back up configs first.
3) For cloud reviews, provide credentials only through secure channels and scope them (read-only where possible).
4) Prefer running the audit as a non-root user or in a test/staging instance; escalate privileges manually only after verifying the recommendations.
5) If you plan to let the agent invoke commands autonomously, restrict its execution rights and monitor actions closely.
Capability Analysis
Type: OpenClaw Skill
Name: security-auditor-tk
Version: 1.0.0
The security-auditor-tk skill is a legitimate tool designed for Linux server hardening and security auditing. The instructions in SKILL.md and the reference files (common-fixes.md, hardening-checklist.md) contain standard industry-best-practice commands for securing SSH, configuring firewalls, and auditing system permissions. No evidence of data exfiltration, malicious prompt injection, or unauthorized persistence was found; the tool's behavior is entirely consistent with its stated purpose.
Capability Assessment
Purpose & Capability
The name/description, SKILL.md, README, and reference docs all describe the same set of audits (SSH, firewall, file perms, TLS, web headers, updates, etc.). There are no declared env vars, required binaries, or config paths that are unrelated to running those checks. The cloud-review section expects provider and connection details from the user, which is consistent with auditing cloud resources.
Instruction Scope
The instructions explicitly direct scanning of system state and producing exact remediation commands (e.g., find /, sed edits to /etc/ssh/sshd_config, mount remount, systemctl operations). This is coherent for an auditor but means the agent will examine many system files and produce commands that, if executed, change system configuration. The SKILL.md does not instruct exfiltration or posting data to external endpoints, but it does rely on the user providing access details for cloud reviews.
Install Mechanism
This is an instruction-only skill with no install spec and no code files executed at install time, which is the lowest risk from an installation perspective.
Credentials
The skill declares no required environment variables or credentials. The cloud review instructions implicitly require cloud credentials or a connection method (user-provided), which is expected for that feature but not declared as required env vars. There are no unrelated credential requests in the package.
Persistence & Privilege
always is false and the skill does not request persistent system modifications or alter other skills. Model invocation is allowed (normal). Note: autonomous invocation plus the ability to produce and run system-altering commands means you should limit execution privileges (do not run as root) unless you explicitly trust the audit results.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install security-auditor-tk
- After installation, invoke the skill by name or use /security-auditor-tk
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — comprehensive security auditing for servers, web apps, and cloud infrastructure.
- Audits SSH, firewall, ports, updates, file permissions, and web app security.
- Checks for SSL/TLS misconfigurations, vulnerabilities, and insecure file access.
- Produces prioritized reports with exact commands for fixes and verification.
- Supports quick audits (e.g., SSH, web app headers) and full server scans.
- Includes references for hardening and fix commands.
Frequently Asked Questions
What is Security Auditor Tk?
Run security audits on Linux servers, web applications, and cloud infrastructure. Checks SSH hardening, firewall rules, open ports, SSL/TLS config, file perm... It is an AI Agent Skill for Claude Code / OpenClaw, with 161 downloads so far.
How do I install Security Auditor Tk?
Run "/install security-auditor-tk" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Security Auditor Tk free?
Yes, Security Auditor Tk is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Security Auditor Tk support?
Security Auditor Tk is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Security Auditor Tk?
It is built and maintained by tktk-ai (@tktk-ai); the current version is v1.0.0.