← Back to Skills Marketplace
jnmetacode

ShellWard Security Guide

by jnMetaCode · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
437
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install shellward-security-guide
Description
OpenClaw 安全部署指南 / Security deployment guide — help users secure their OpenClaw installation
README (SKILL.md)

ShellWard Security Deployment Guide / 安全部署指南

When the user invokes this skill, provide a complete security deployment checklist based on the following best practices. Check the current system state using available tools and give actionable recommendations.

Security Checklist

1. Network Control / 网络控制

  • Check if OpenClaw gateway port (19000/19001) is exposed to public network
  • Recommend binding to 127.0.0.1 or using a reverse proxy with authentication
  • Suggest firewall rules: ufw allow from 127.0.0.1 to any port 19000
  • For cloud servers: check security group rules

2. Container Isolation / 容器隔离

  • Recommend running OpenClaw in Docker with restricted capabilities: 
    docker run --cap-drop=ALL --cap-add=NET_BIND_SERVICE \
  --read-only --tmpfs /tmp \
  -u 1000:1000 \
  openclaw
  • Suggest resource limits: --memory=2g --cpus=1
  • Mount only necessary directories

3. Credential Management / 凭证管理

  • Scan for plaintext secrets in .env, .bashrc, environment variables
  • Recommend using a secret manager (Vault, doppler, etc.)
  • Check file permissions on sensitive files (should be 0600)
  • Suggest chmod 600 ~/.env ~/.ssh/* ~/.aws/credentials

4. Audit Logging / 审计日志

  • Verify ShellWard audit log is active at ~/.openclaw/shellward/audit.jsonl
  • Show recent security events
  • Recommend log rotation and backup strategy
  • Suggest sending critical events to external SIEM

5. Plugin Security / 插件安全

  • List all installed plugins and check for known risks
  • Disable auto-update for plugins
  • Only install from trusted sources
  • Scan plugin code for suspicious patterns

6. Patch Management / 补丁管理

  • Check current OpenClaw version
  • Report known vulnerabilities for current version
  • Recommend upgrade path
  • Check Node.js version (must be >= 22.12)

Available Commands

Remind the user about ShellWard's quick commands:

  • /security — Full security status overview
  • /audit [count] [filter] — View audit log
  • /harden — Scan for issues, /harden fix to auto-fix
  • /scan-plugins — Scan plugins for security risks
  • /check-updates — Check versions and vulnerabilities

Response Style

  • Be concise and actionable
  • Use the user's language (detect from their message)
  • Prioritize critical issues first
  • For each issue, provide the exact command to fix it
  • Ask for confirmation before executing destructive operations
Usage Guidance
This skill looks coherent for its stated purpose but it will ask the agent to read sensitive local files (env, SSH keys, AWS creds), audit logs, and plugin code. Before using it: (1) prefer running it on a test or staging host or with read-only access; (2) do not paste cloud/provider credentials unless you trust the source (the package has no homepage/source repo listed); (3) review any 'auto-fix' actions and require manual confirmation before destructive fixes; and (4) if the skill asks to send data to external services (SIEM or other endpoints), validate where data will go and redact secrets if necessary.
Capability Analysis
Type: OpenClaw Skill Name: shellward-security-guide Version: 1.0.0 The skill is a security deployment guide designed to help users harden their OpenClaw installation. It provides a comprehensive checklist covering network control, container isolation, credential management, and audit logging, using standard security practices (e.g., ufw, chmod 600, Docker resource limits). While it instructs the agent to scan for secrets and system vulnerabilities in files like SKILL.md, the intent is clearly defensive, and it explicitly requires user confirmation before performing any destructive operations.
Capability Assessment
Purpose & Capability
Name/description (OpenClaw security deployment guide) align with the SKILL.md: it instructs checks for network exposure, container hardening, credential management, audit logs, plugins, and patching — all appropriate for a security guide.
Instruction Scope
The runtime instructions explicitly ask the agent to inspect local state (ports, firewall, ~/.env, ~/.bashrc, ~/.ssh, ~/.aws/credentials, ~/.openclaw/shellward/audit.jsonl), list and scan plugin code, and check Node/OpenClaw versions. Those actions are coherent for a security scanner but involve reading sensitive files and potentially sending findings externally; the SKILL.md is somewhat broad ('Check the current system state using available tools') which grants the agent discretionary scope.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest disk/write risk. Nothing is downloaded or installed by the skill itself.
Credentials
The skill declares no required env vars or credentials, yet instructs scanning environment variables and credential files (including AWS creds). Reading those items is reasonable for a security guide, but the skill does not request or document how cloud credentials would be accessed — users should not provide cloud/provider credentials unless explicitly needed and verified.
Persistence & Privilege
Flags show always:false and user-invocable:true; disable-model-invocation:false (normal). The skill does not request persistent presence or modify other skills or global agent config.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install shellward-security-guide
  3. After installation, invoke the skill by name or use /shellward-security-guide
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — OpenClaw security deployment checklist with 6 audit categories
Metadata
Slug shellward-security-guide
Version 1.0.0
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is ShellWard Security Guide?

OpenClaw 安全部署指南 / Security deployment guide — help users secure their OpenClaw installation. It is an AI Agent Skill for Claude Code / OpenClaw, with 437 downloads so far.

How do I install ShellWard Security Guide?

Run "/install shellward-security-guide" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is ShellWard Security Guide free?

Yes, ShellWard Security Guide is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does ShellWard Security Guide support?

ShellWard Security Guide is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created ShellWard Security Guide?

It is built and maintained by jnMetaCode (@jnmetacode); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments