
Config Security Scanner

by zoowii · GitHub ↗ · v1.0.5 · MIT-0
cross-platform · ✓ Security Clean · 418 Downloads · 1 Stars · 1 Active Installs · 6 Versions
Install in OpenClaw
/install scanner-for-openclaw
Description
Security expert for OpenClaw deployments. Audits local configuration files for vulnerabilities in network settings, channel policies, and tool permissions. P...
Usage Guidance
This skill appears to be what it says: a local, static-config security scanner for OpenClaw. Before installing or automating it:
  1. Verify the package version and source (files show version 1.0.4 but registry metadata lists 1.0.5).
  2. Confirm whether OPENCLAW_CONFIG is intended to be required or optional (clawhub.json declares envRead but top-level metadata did not).
  3. Ignore or clarify the README line about optional external tools (lsof/ss), since the code avoids subprocesses.
  4. Run the scanner in a safe environment (or review the scripts) and back up your configs before applying any remediation steps. The playbook marks service restarts and CLI actions as [OPERATOR], so those should be performed by an admin.
If you plan to allow the agent to invoke this skill autonomously, ensure you’re comfortable with it reading the listed config files and writing report files in your workspace.
Capability Analysis
Type: OpenClaw Skill
Name: scanner-for-openclaw
Version: 1.0.5
The OpenClaw Security Scanner is a legitimate utility designed to perform static analysis of local configuration files to identify security misconfigurations. The code in `scripts/security_scan.py` strictly adheres to its stated purpose, avoiding risky operations like network probing or subprocess execution, and its declared permissions in `clawhub.json` are appropriately restricted to reading specific configuration paths and writing reports. Documentation in `SKILL.md` and the `references/` directory provides helpful security guidance while explicitly labeling high-risk remediation steps as operator-only actions.
Capability Assessment
Purpose & Capability
The skill claims to perform pure static analysis of OpenClaw configuration files and the Python scripts do exactly that: they read typical OpenClaw config paths, examine gateway/channel/tool settings, and produce findings. This capability aligns with the stated purpose. Minor mismatch: README mentions `lsof`/`ss` as 'optional' for port detection, but the SKILL.md, clawhub.json, and security_scan.py explicitly avoid subprocess/network use — this is likely leftover documentation and should be cleaned up.
Instruction Scope
SKILL.md instructs the agent to read local config files, run the provided scanner or CLI wrapper, and produce reports; the scanner code only accesses declared config paths and the OPENCLAW_CONFIG env var. There are no instructions to access unrelated files, external endpoints, or to execute system commands.
Install Mechanism
No install spec is provided (instruction-only entry point), so nothing is pulled from arbitrary URLs. The included packaging script writes tarballs to /tmp which is normal for packaging. Overall install risk is low.
Credentials
Permissions declared in clawhub.json (read specific OpenClaw config paths, read OPENCLAW_CONFIG env var, write report files) map to the scanner's needs. However, the top-level registry metadata in the submission lists 'Required env vars: none' while clawhub.json and the scanner reference OPENCLAW_CONFIG — a metadata/documentation inconsistency. Confirm whether OPENCLAW_CONFIG is optional or required before granting env access.
Persistence & Privilege
The skill is not force-included (always:false) and does not request elevated persistent privileges. It does not modify other skills' configs. Autonomous invocation is allowed (platform default) but not combined with broad or unusual access here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install scanner-for-openclaw
  3. After installation, invoke the skill by name or use /scanner-for-openclaw
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.5
No file changes detected; version bump only. No functional or documentation updates in this release.
v1.0.4
- Removed 1 file(s).
- Updated SKILL.md and bundle contents.
v1.0.3
- Added initial test suite for the security scanner.
- Included test package structure (tests/__init__.py).
- Added security scan tests (tests/test_security_scan.py) to improve reliability and enable automated testing.
v1.0.2
1.0.2 - Remove external network access
- Removed GitHub API fetching to eliminate outbound HTTP requests
- Scanner now operates fully offline on local configuration only
- Resolves ClawHub suspicious flag for network activity
v1.0.1
1.0.1 - Remove external network access
- Removed GitHub API fetching to eliminate outbound HTTP requests
- Now operates fully offline, scanning only local configurations
- GitHub security issues and CVE checks are no longer included
- Addresses ClawHub suspicious flag for outbound requests
v1.0.0
openclaw-security-scanner 1.0.0 - Initial release
- Scans OpenClaw deployments for security vulnerabilities in network configurations, channel policies, and tool permissions.
- Audits integration channels (Telegram, WhatsApp, Web) for unsafe policies.
- Analyzes GitHub for relevant security issues and CVEs affecting OpenClaw.
- Provides remediation steps for each finding, including risk level, impact, and rollback plan to ensure safe changes.
- Generates actionable, Markdown-formatted reports for administrators.
- Requires minimum OpenClaw version 2026.3.0.
Metadata
Slug: scanner-for-openclaw
Version: 1.0.5
License: MIT-0
All-time Installs: 1
Active Installs: 1
Total Versions: 6
Frequently Asked Questions

What is Config Security Scanner?

Security expert for OpenClaw deployments. Audits local configuration files for vulnerabilities in network settings, channel policies, and tool permissions. P... It is an AI Agent Skill for Claude Code / OpenClaw, with 418 downloads so far.

How do I install Config Security Scanner?

Run "/install scanner-for-openclaw" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Config Security Scanner free?

Yes, Config Security Scanner is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Config Security Scanner support?

Config Security Scanner is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Config Security Scanner?

It is built and maintained by zoowii (@zoowii); the current version is v1.0.5.
