← Back to Skills Marketplace
move78ai

m78armor : openclaw security configuration check

by Move78 AI · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
79
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install m78armor-security-check
Description
Read-only local OpenClaw security configuration check and hardening assessment. 本地只读 OpenClaw 安全配置检查与加固评估。
README (SKILL.md)

m78armor : openclaw security configuration check

中文说明: 本工具用于本地只读 OpenClaw 实例的安全配置检查与基线评估。执行本地优先 (local-first) 的安全审计与配置加固 (hardening) 建议。重点关注数据隐私 (privacy-first)、暴露面及配置漂移。不上传任何本地数据。

Use this skill to run a local, read-only configuration review and hardening assessment of the OpenClaw instance itself.

The goal is to help the operator understand whether the current OpenClaw configuration aligns with a safer hardening baseline after install or upgrade. Keep the tone calm, factual, and operator-facing. Build trust through evidence, clear reasoning, and explicit limits. Do not use hype, fear theater, or vague security language.

What this skill reviews

Use the bundled script to inspect the local OpenClaw configuration baseline for:

  • misconfiguration findings
  • permission and exposure gaps
  • risky defaults
  • local drift indicators
  • abuse-path explanations for known misconfigurations

Output expectations

When presenting results to the operator:

  • explain what was found in plain language
  • explain how a finding can be abused without exaggeration
  • explain why it matters operationally
  • separate confirmed findings from assumptions
  • avoid absolute claims unless directly supported by the local evidence
  • keep remediation guidance practical and concise

Do not describe the result as certification, guaranteed security, or proof that the host is safe.

Default action

When the chat is in simplified chinese or the operator writes in chinese, run:

node {baseDir}/scripts/m78armor-lite.js --lang zh

When the chat is in english or another non-chinese language, run:

node {baseDir}/scripts/m78armor-lite.js --lang en

Only fall back to:

node {baseDir}/scripts/m78armor-lite.js

when the operator's preferred language is unclear.

Optional arguments

If the operator gives a specific OpenClaw config path, run:

node {baseDir}/scripts/m78armor-lite.js --config "\x3Cpath>"

If the operator explicitly asks for machine-readable output, run:

node {baseDir}/scripts/m78armor-lite.js --json

Guardrails

  • Stay read-only in this free edition.
  • Do not switch to --harden from this skill.
  • Do not request secrets, API keys, or gateway tokens.
  • Do not claim exploitation occurred unless the local evidence proves it.
  • Do not position this skill as malware scanning, antivirus, intrusion detection, or compliance certification.
  • If node is unavailable, stop and tell the operator to install Node.js first.

Paid boundary

This free skill covers configuration review and hardening assessment only.

Do not claim that the free skill includes:

  • signature-based malicious skill detection
  • deep provenance or bundle analysis
  • advanced memory-file pattern analysis
  • automatic hardening remediation (自动加固修复)
  • backup or rollback
  • evidence-pack outputs

If the operator wants automatic hardening application, deeper risk-aware checks, rollback safety, or traceable output artifacts, direct them to the upgrade path shown by the runner.

Usage Guidance
This skill appears coherent for a local, read-only configuration check and is reasonably scoped. Before running: (1) review the full scripts/m78armor-lite.js file locally (search for require('http'|'https'|'net'|'child_process'|'exec'|'spawn'|'fetch'|'axios') or any outbound network calls) to confirm it doesn't send data off-host or execute privileged commands; (2) run it in an isolated environment or with an explicit --config path to target the intended OpenClaw config; (3) if you need higher assurance, run it offline (no network) to ensure no external callbacks, and inspect the code for any hidden telemetry or upgrade-check code that might contact ORDER_URL. If you want me to scan the full script text for network/exec patterns, paste it here and I will analyze it line-by-line.
Capability Analysis
Type: OpenClaw Skill Name: m78armor-security-check Version: 1.0.0 The m78armor-security-check skill is a legitimate security auditing tool designed to perform local, read-only configuration reviews of an OpenClaw instance. The core logic in `scripts/m78armor-lite.js` inspects the `openclaw.json` configuration file for security risks such as weak authentication tokens, exposed network bindings, and disabled sandboxes, while explicitly redacting sensitive values using a masking function. The `SKILL.md` file contains robust guardrails that instruct the AI agent to remain in a read-only state and avoid requesting secrets, and no evidence of data exfiltration, unauthorized network activity, or malicious prompt injection was found.
Capability Tags
cryptorequires-sensitive-credentials
Capability Assessment
Purpose & Capability
Name/description, required binary (node), README, SKILL.md and included script all align: the tool inspects local OpenClaw configuration and reports findings. Required resources are proportional to the stated task; there are no unrelated credentials, binaries or system paths declared.
Instruction Scope
SKILL.md instructs running the bundled Node script with optional --config/--json flags and explicitly states a read-only scope and guardrails (do not upload data, do not request secrets, do not run hardening). The README documents optional environment overrides (OPENCLAW_CONFIG, M78ARMOR_LANG) — these are reasonable. I did not see any instructions that ask the agent to read unrelated host secrets, nor open-ended language that would grant broad discretionary data collection. However the bundled script source in the listing was truncated; confirm the script does not perform network uploads or spawn privileged commands before trusting it.
Install Mechanism
No install spec; this is instruction + bundled script that runs under Node. No external downloads or archive extraction are declared. This is a low-risk installation surface, assuming the script itself is benign.
Credentials
The skill does not require environment variables or credentials. The README documents optional environment variables to override config path or language; these are consistent with the tool's purpose and are not excessive. No secrets/keys are requested in the manifest or SKILL.md.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent platform privileges. The SKILL.md explicitly forbids switching to a hardening mode in this free edition. Nothing indicates it modifies other skills or global configuration.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install m78armor-security-check
  3. After installation, invoke the skill by name or use /m78armor-security-check
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
v1.0.0 — Initial public release. Read-only local configuration review and hardening assessment for OpenClaw. 17 checks across gateway, sandbox, filesystem, authentication, plugins, browser, and discovery surfaces. Bilingual output (English/Chinese) with locale auto-detection. Exit code 1 on high-risk findings for CI integration. Includes --quiet flag for pipeline use. v1.0.0 — 首次公开发布。面向 OpenClaw 的本地只读配置检查与加固评估。覆盖网关、沙箱、文件系统、认证、插件、浏览器、发现服务等 17 项检查。支持中英文双语输出与区域自动检测。高风险发现时退出码为 1,支持 CI 流水线集成。包含 --quiet 标志用于自动化环境。
Metadata
Slug m78armor-security-check
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is m78armor : openclaw security configuration check?

Read-only local OpenClaw security configuration check and hardening assessment. 本地只读 OpenClaw 安全配置检查与加固评估。 It is an AI Agent Skill for Claude Code / OpenClaw, with 79 downloads so far.

How do I install m78armor : openclaw security configuration check?

Run "/install m78armor-security-check" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is m78armor : openclaw security configuration check free?

Yes, m78armor : openclaw security configuration check is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does m78armor : openclaw security configuration check support?

m78armor : openclaw security configuration check is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created m78armor : openclaw security configuration check?

It is built and maintained by Move78 AI (@move78ai); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments