
Firm Security Audit

by romainsantoli-web · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Downloads: 323 · Stars: 0 · Active Installs: 1 · Versions: 1
Install in OpenClaw
/install firm-security-audit
Description
Proactive security audit of OpenClaw deployments. Detects and remediates the 4 critical/high gaps identified in openclaw/openclaw: SQL injection (C1), s...
README (SKILL.md)

firm-security-audit

⚠️ AI-generated content — validation by a security expert is required before any change in production.

Purpose

This skill is the mandatory security gate before any deployment or network exposure of an OpenClaw Gateway. It directly addresses the critical gaps identified in openclaw/openclaw from outside the repo, without modifying the upstream code.

Gaps covered:

| Gap | Severity | Tool |
|---|---|---|
| C1 — SQL injection /api/metrics/database | CRITICAL | openclaw_security_scan |
| C2 — sandbox.mode: off by default | CRITICAL | openclaw_sandbox_audit |
| C3 — Session secret regenerated on restart | HIGH | openclaw_session_config_check |
| H8 — No rate limiting on WS Gateway | HIGH | openclaw_rate_limit_check |
| M10 — Matrix E2EE status undocumented | MEDIUM | documentation checklist |

Enabled tools

openclaw_security_scan         — SQL injection detection (C1)
openclaw_sandbox_audit         — sandbox config verification (C2)
openclaw_session_config_check  — session secret persistence check (C3)
openclaw_rate_limit_check      — rate limiter verification (H8)
firm_export_slack_digest       — team notification if a CRITICAL is found

Mandatory audit sequence

Run before each deployment or before enabling Tailscale Funnel.

Step 1 — Sandbox audit (C2, CRITICAL priority)

{
  "tool": "openclaw_sandbox_audit",
  "args": {
    "config_path": "/path/to/.openclaw/config.yaml"
  }
}

Expected: severity: OK with sandbox_mode: non-main or all
If CRITICAL: apply the provided fix_snippet before continuing

Step 2 — SQL injection scan (C1)

{
  "tool": "openclaw_security_scan",
  "args": {
    "target_path": "/path/to/openclaw/src/api",
    "endpoint": "/api/metrics/database",
    "scan_depth": 4
  }
}

Expected: critical_count: 0, high_count: 0
If CRITICAL or HIGH: apply remediation_by_severity before deployment

Step 3 — Session secret check (C3)

{
  "tool": "openclaw_session_config_check",
  "args": {
    "compose_file_path": "/path/to/docker-compose.yml",
    "env_file_path": "/path/to/.env"
  }
}

Expected: session_secret_found: true
If HIGH: apply the provided fix_docker or fix_env

Step 4 — Rate limiting check (H8)

{
  "tool": "openclaw_rate_limit_check",
  "args": {
    "gateway_config_path": "/path/to/.openclaw/config.yaml",
    "check_funnel": true
  }
}

Expected: rate_limiter_detected: true OR funnel_active: false
If CRITICAL (Funnel active without a rate limiter): apply fix_nginx or fix_caddy immediately

Step 5 — Alert on CRITICAL (automatic)

If any of the audits returns severity: CRITICAL, dispatch automatically via:

{
  "tool": "firm_export_slack_digest",
  "args": {
    "objective": "Security audit — CRITICAL finding",
    "content": "<résultats de l'audit>",
    "channel": "#security-alerts"
  }
}

Matrix E2EE checklist (M10)

Manual documentation check (no tool available — too repo-specific):

  • Does the OpenClaw CONTRIBUTING.md mention the Matrix E2EE status?
  • Are privacy-sensitive Matrix users informed of the absence of E2EE?
  • Does an ADR (firm_adr_generate) document the Matrix E2EE decision?

Quick remediation templates

C2 — Sandbox fix (add to config.yaml)

agents:
  defaults:
    sandbox:
      mode: non-main   # ← enable Docker isolation for non-main sessions
  sessions:
    main:
      sandbox:
        mode: off      # main keeps host access (intentional)

C3 — Session secret (docker-compose.yml)

services:
  openclaw:
    environment:
      SESSION_SECRET: "${SESSION_SECRET:?SESSION_SECRET env var required}"
# Generate: openssl rand -base64 48 > /etc/openclaw/session.secret

H8 — Rate limiting Nginx

limit_req_zone $binary_remote_addr zone=openclaw:10m rate=30r/m;
server {
    location /ws {
        limit_req zone=openclaw burst=10 nodelay;
        proxy_pass http://127.0.0.1:18789;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
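
One way to confirm, read-only, that the C3 and H8 templates above are actually in effect (an added example, not code from the skill or from OpenClaw; the function names, the 64-character minimum and the sample inputs are assumptions):

```python
import re

# Added example: read-only checks for the C3 and H8 remediation templates.
# Function names, the 64-character minimum and all sample text are assumptions.

def session_secret_ok(env_text, compose_text, min_len=64):
    """C3: .env defines a long SESSION_SECRET and compose refuses to start without it."""
    secret = ""
    for line in env_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "SESSION_SECRET":
            secret = value.strip().strip("'\"")
    # `openssl rand -base64 48` prints 64 characters, hence the default minimum.
    # Only a boolean leaves this function, never the secret itself.
    return len(secret) >= min_len and "${SESSION_SECRET:?" in compose_text

def ws_rate_limit_ok(nginx_text):
    """H8: location /ws applies limit_req with a zone that limit_req_zone declares."""
    text = re.sub(r"#[^\n]*", "", nginx_text)  # drop comments
    zones = set(re.findall(r"limit_req_zone\s+\S+\s+zone=(\w+):", text))
    block = re.search(r"location\s+/ws\s*\{([^{}]*)\}", text)
    if block is None:
        return False
    used = re.findall(r"limit_req\s+zone=(\w+)", block.group(1))
    return any(zone in zones for zone in used)

# Constructed inputs: a placeholder secret and the templates shown on this page.
ENV_GOOD = "SESSION_SECRET=" + "x" * 64
ENV_COMMENTED = "#SESSION_SECRET=" + "x" * 64
COMPOSE = 'SESSION_SECRET: "${SESSION_SECRET:?SESSION_SECRET env var required}"'
NGINX_GOOD = """
limit_req_zone $binary_remote_addr zone=openclaw:10m rate=30r/m;
server {
    location /ws {
        limit_req zone=openclaw burst=10 nodelay;
        proxy_pass http://127.0.0.1:18789;
    }
}
"""
NGINX_WEAK = NGINX_GOOD.replace("limit_req zone=openclaw burst=10 nodelay;", "")

if __name__ == "__main__":
    print(session_secret_ok(ENV_GOOD, COMPOSE), ws_rate_limit_ok(NGINX_GOOD))
    print(session_secret_ok(ENV_COMMENTED, COMPOSE), ws_rate_limit_ok(NGINX_WEAK))
```

A commented-out secret, a short secret, a compose file without the `:?` guard, or a `limit_req` that names an undeclared zone all return False.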

Escalation

| Result | Action |
|---|---|
| All OK | Deployment authorized — audit log in docs/security-audits/ |
| CRITICAL sandbox or SQL | Block the deployment — fix mandatory before push |
| CRITICAL rate limit + funnel | Disable Funnel and apply Nginx/Caddy immediately |
| HIGH session secret | Apply fix + restart the container with the persistent secret |
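
The expected values from the audit steps and the escalation rules above, combined into a fail-closed gate (an added example, not part of the skill; only the field names come from this page, while the per-tool result layout and the sample data are assumptions):

```python
# Added example: fail-closed deployment gate over the four audit results.
# Field names come from the "Expected" lines; the result layout (one dict
# per tool name) and the sample data are assumptions made for this sketch.

def evaluate(results):
    """Apply the expected values and the escalation rules; return a verdict."""
    findings = []  # (severity, action) pairs

    sandbox = results.get("openclaw_sandbox_audit") or {}
    if sandbox.get("severity") != "OK" or sandbox.get("sandbox_mode") not in ("non-main", "all"):
        findings.append(("CRITICAL", "C2: block deployment, apply fix_snippet"))

    scan = results.get("openclaw_security_scan") or {}
    # A missing counter is treated as a finding, never as zero.
    if scan.get("critical_count") != 0:
        findings.append(("CRITICAL", "C1: block deployment, apply remediation_by_severity"))
    elif scan.get("high_count") != 0:
        findings.append(("HIGH", "C1: apply remediation_by_severity before deployment"))

    session = results.get("openclaw_session_config_check") or {}
    if session.get("session_secret_found") is not True:
        findings.append(("HIGH", "C3: apply fix_docker or fix_env, restart with persistent secret"))

    rate = results.get("openclaw_rate_limit_check") or {}
    limiter = rate.get("rate_limiter_detected") is True
    funnel_off = rate.get("funnel_active") is False
    # Unknown Funnel state counts as exposed.
    if not (limiter or funnel_off):
        findings.append(("CRITICAL", "H8: disable Funnel, apply fix_nginx or fix_caddy"))

    return {
        "deploy": not findings,
        "alert": any(sev == "CRITICAL" for sev, _ in findings),
        "actions": [action for _, action in findings],
    }

# Constructed sample: Funnel exposed without a rate limiter, session check output missing.
SAMPLE = {
    "openclaw_sandbox_audit": {"severity": "OK", "sandbox_mode": "non-main"},
    "openclaw_security_scan": {"critical_count": 0, "high_count": 0},
    "openclaw_rate_limit_check": {"rate_limiter_detected": False, "funnel_active": True},
}

if __name__ == "__main__":
    print(evaluate(SAMPLE))
```

A tool that returned nothing is handled the same way as a tool that reported a finding, so a missing or misnamed tool cannot produce a green result.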

CI/CD integration

Add to the GitHub Actions workflow:

- name: Security audit (firm-security-audit)
  run: |
    # From the CTO or Engineering agent before each deploy
    openclaw skill run firm-security-audit \
      --config "$OPENCLAW_CONFIG_PATH" \
      --fail-on CRITICAL,HIGH

OpenClaw gaps: C1 (#29951 SQL injection), C2 (sandbox off), C3 (#29955 session secret), H8 (no rate limit)



Usage Guidance
Before installing or running this skill:
  1. Verify provenance — the source is unknown and there is no homepage or maintainer contact; prefer skills from vetted authors.
  2. Confirm that the runtime tools the SKILL.md names (openclaw_security_scan, openclaw_sandbox_audit, firm_export_slack_digest, and the openclaw CLI) actually exist in your environment or are listed as required dependencies; ask the author for an explicit dependency list.
  3. Treat the remediation snippets as suggestions only: review and test them in staging — they modify configs and may require root privileges (writing /etc/openclaw/session.secret).
  4. Provide Slack/webhook credentials deliberately and separately if you want alerting; the skill does not declare or request them, so automatic dispatch could fail or — worse — be misconfigured.
  5. If you plan to run scans that read .env or compose files, ensure the operator/agent has authorization to access those secrets and consider running in read-only mode first.
  6. Given the unknown source, consult a human security reviewer before using this skill against production systems.
Providing the skill's author, repository, or a verified package of the referenced tools would raise confidence.
Capability Analysis
Type: OpenClaw Skill
Name: firm-security-audit
Version: 1.0.0

The skill bundle is designed for proactive security auditing, addressing known vulnerabilities in OpenClaw deployments. It orchestrates calls to various audit tools (`openclaw_security_scan`, `openclaw_sandbox_audit`, etc.) and includes a step to send critical findings to a Slack channel via `firm_export_slack_digest`. All file access (e.g., config files, Docker Compose) and network communication (Slack alerts) are directly aligned with the stated purpose of a security audit and alerting. There is no evidence of prompt injection attempting to subvert the agent's behavior, exfiltrate arbitrary data, or execute malicious commands beyond the scope of the audit. The skill aims to identify and remediate vulnerabilities, not introduce or exploit them.
Capability Assessment
Purpose & Capability
The skill is clearly an OpenClaw-focused security audit and the embedded metadata references mcp-openclaw-extensions >= 2.0.0 which is coherent. However the instructions assume the presence of runtime tools (openclaw_security_scan, openclaw_sandbox_audit, firm_export_slack_digest, etc.) and an 'openclaw' CLI for CI usage while the registry metadata and requirements list no declared binaries or credentials. The lack of declared runtime dependencies (CLI/tools) is unexpected for a tool-driven audit.
Instruction Scope
The SKILL.md directs the agent/operator to read and modify local files and paths (config.yaml, docker-compose.yml, .env, /etc/openclaw/session.secret) and to run scans against code paths and endpoints. It also includes automated remediation snippets and an automatic Slack dispatch step. Those actions involve reading potentially sensitive files and making persistent changes; the skill does not document authorization, safety checks, or a read-only audit mode.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, which minimizes installer risk. There are no downloads or archive extracts. However, runtime behavior depends on external tools that are not declared in the registry metadata.
Credentials
The instructions require reading env files and performing actions that will access secrets (SESSION_SECRET in .env) and send results to Slack, but the skill declares no required environment variables, webhooks, or tokens. Requiring access to .env files and an outbound notification channel without declaring or requesting corresponding credentials is disproportionate and could lead to unexpected secret access or accidental exfiltration.
Persistence & Privilege
always is false and the skill does not claim to persist itself or change other skills' configs. It does propose making persistent system/config changes (writing session.secret, editing config.yaml) but that is presented as remediation steps for operators to apply — the skill itself does not request elevated platform privileges in metadata.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install firm-security-audit
  3. After installation, invoke the skill by name or use /firm-security-audit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
firm-security-audit 1.0.0 — Initial release.
  • Provides proactive security auditing for OpenClaw deployments.
  • Detects and remediates four critical/high security gaps: SQL injection, sandbox off by default, non-persistent session secret, and missing rate limiting.
  • Includes step-by-step audit sequence with ready-to-use remediation templates.
  • Issues automatic Slack alerts for CRITICAL findings.
  • Requires manual checklist review for Matrix E2EE documentation gap.
  • Designed for mandatory execution before any deployment or public exposure.
Metadata
Slug firm-security-audit
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Firm Security Audit?

Proactive security audit of OpenClaw deployments. Detects and remediates the 4 critical/high gaps identified in openclaw/openclaw: SQL injection (C1), s... It is an AI Agent Skill for Claude Code / OpenClaw, with 323 downloads so far.

How do I install Firm Security Audit?

Run "/install firm-security-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Firm Security Audit free?

Yes, Firm Security Audit is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Firm Security Audit support?

Firm Security Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Firm Security Audit?

It is built and maintained by romainsantoli-web (@romainsantoli-web); the current version is v1.0.0.
