← Back to Skills Marketplace
jimpang8

Security Network Hardening

by jimpang8 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
449
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install security-network-hardening
Description
Audit and harden an OpenClaw host and its network exposure. Use for security checks, hardening, firewall setup, network exposure review, metrics endpoint res...
README (SKILL.md)

Security + Network Hardening

Audit first, then harden with explicit approval. Keep this file short; read the references when needed.

Core rules

  • Start read-only unless the user explicitly asks for fixes.
  • Require confirmation before any state-changing action.
  • Preserve current management access; do not break SSH/RDP/VNC.
  • Prefer exact findings over generic advice.
  • After workspace edits, commit them.

Read-only baseline

Run:

uname -a
cat /etc/os-release
id
ss -ltnup 2>/dev/null || ss -ltnp 2>/dev/null
openclaw security audit --deep
openclaw update status
openclaw status --deep

If firewall state matters, also run:

ufw status verbose || true
firewall-cmd --state 2>/dev/null || true
nft list ruleset 2>/dev/null || true

Priorities

Check for these first:

  1. elevated wildcard access in tools.elevated.allowFrom.*
  2. writable credentials directories
  3. missing gateway auth rate limiting
  4. broad or unclear listening ports
  5. metrics endpoints exposed too widely
  6. ineffective custom gateway.nodes.denyCommands
  7. workspace skill symlink escapes

Fix patterns

Read these only when relevant:

  • UFW/firewall workflow: references/ufw-playbook.md
  • OpenClaw config fixes: references/openclaw-fix-patterns.md

Artifact generation

When the user wants generated files, create:

  • firewall-rules.md
  • apply-firewall.sh
  • scripts/rollback-firewall.sh
  • scripts/verify-firewall.sh

Safe firewall order

  1. Confirm allowed source subnet/IPs.
  2. Add SSH rule first if SSH is in use.
  3. Apply LAN-only and single-host rules.
  4. Verify from expected clients.
  5. Re-check ufw status verbose and ss -ltnp.

Verification

After fixes, verify with:

openclaw security audit --deep
openclaw gateway status
python3 -m json.tool ~/.openclaw/openclaw.json >/dev/null
sudo ufw status verbose
ss -ltnp

Success means:

  • no critical audit findings
  • no warning audit findings when practical
  • gateway reachable
  • required ports reachable only from approved sources
Usage Guidance
This skill appears coherent and focused on hardening OpenClaw hosts. Before using it: (1) Run the suggested read-only audit commands first and review results. (2) Ensure the host has the tools the skill assumes (openclaw, ufw or nftables, ss, python3, sudo) since the manifest doesn't declare them. (3) Back up current firewall rules and configs (the provided rollback script expects backups in /etc/ufw/*.TIMESTAMP). (4) When applying changes, confirm the exact SSH/RDP management path to avoid locking yourself out. (5) Inspect the small scripts yourself (they are included) and test verification/rollback on a safe host or snapshot before applying to production.
Capability Analysis
Type: OpenClaw Skill Name: security-network-hardening Version: 1.0.0 The skill bundle is designed for security auditing and hardening of an OpenClaw host. It includes instructions for the agent to perform read-only audits, verify firewall states, and apply hardening fixes (such as restricting file permissions and configuring UFW) only with explicit user confirmation, with no evidence of malicious intent or data exfiltration.
Capability Assessment
Purpose & Capability
The name/description (OpenClaw host/network hardening) align with the included SKILL.md, references, and scripts. The only mismatch is that the manifest lists no required binaries, yet the instructions and scripts expect commands like openclaw, ufw, ss, sudo, python3, and possibly firewall-cmd/nft; this is a declaration omission but not evidence of malicious intent.
Instruction Scope
SKILL.md stays on-topic: it instructs read-only audits first, explicit confirmation before changes, firewall playbooks, and verification steps. It references and reads OpenClaw config (~/.openclaw/openclaw.json) which is appropriate for this purpose. It does not instruct phone-home, exfiltration, or scanning unrelated user data.
Install Mechanism
No install spec (instruction-only) and included scripts are small and straightforward. No downloads or archive extraction are present.
Credentials
The skill requests no environment variables or external credentials. It does operate on local config (OpenClaw JSON) and requires root privileges to apply firewall changes; that is proportional to a firewall-hardening task.
Persistence & Privilege
always is false, the skill does not request persistent or privileged platform-level presence, and it does not modify other skills' configs. Scripts modify system firewall files only when the user runs them with sudo.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install security-network-hardening
  3. After installation, invoke the skill by name or use /security-network-hardening
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: OpenClaw security audit, firewall hardening, references, rollback and verify scripts.
Metadata
Slug security-network-hardening
Version 1.0.0
License MIT-0
All-time Installs 3
Active Installs 2
Total Versions 1
Frequently Asked Questions

What is Security Network Hardening?

Audit and harden an OpenClaw host and its network exposure. Use for security checks, hardening, firewall setup, network exposure review, metrics endpoint res... It is an AI Agent Skill for Claude Code / OpenClaw, with 449 downloads so far.

How do I install Security Network Hardening?

Run "/install security-network-hardening" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Security Network Hardening free?

Yes, Security Network Hardening is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Security Network Hardening support?

Security Network Hardening is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Security Network Hardening?

It is built and maintained by jimpang8 (@jimpang8); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments