← Back to Skills Marketplace
455
Downloads
0
Stars
1
Active Installs
2
Versions
Install in OpenClaw
/install baseline-kit
Description
Generate safer OpenClaw configuration baselines and audit existing config files for exposure, missing controls, and secret hygiene issues.
README (SKILL.md)
Baseline Kit
Generate profile-based OpenClaw configuration JSON and audit an existing config before rollout.
When to use
- You need a starting profile for
development,team,enterprise, orairgapped. - You want an offline audit for
gateway.bind, auth rate limits, allowed skill sources, audit logging, backups, or secret-like values. - You need a reviewable JSON artifact without contacting external services.
Commands
node {baseDir}/bin/baseline-kit.js generate --profile enterprise --out ./openclaw.secure.json
node {baseDir}/bin/baseline-kit.js generate --profile development --out ./openclaw.dev.json
node {baseDir}/bin/baseline-kit.js audit --config ~/.openclaw/openclaw.json --format table
node {baseDir}/bin/baseline-kit.js audit --config ./openclaw.secure.json --format json
Profiles
| Profile | Focus |
|---|---|
development |
Faster local iteration with lighter rate limits and shorter retention |
team |
Shared team defaults with moderate auth protection and audit logging |
enterprise |
Tighter auth windows, longer retention, and recovery guidance |
airgapped |
Loopback-only and local-mirror oriented settings |
Audit checks
NET_EXPOSURE: whethergateway.bindis loopback-onlyAUTH_RATE_LIMIT: whether auth rate limiting is configured completelySOURCE_RESTRICTION: whether allowed skill sources are too broadAUDIT_LOGGING: whether audit logging is enabledBACKUP_HINT: whether backup settings are presentSECRET_HYGIENE: whether the config tree contains plaintext secret-like values
Output
- Each finding includes a severity, evidence path, recommendation, and compliance tag set.
- Compliance tags currently map to
SOC2,ISO27001, andNIST CSF.
Boundaries
- This tool audits JSON structure only. It does not enforce runtime policy.
- Generated profiles are safer defaults, not a complete configuration management system.
Usage Guidance
This is a small, local Node.js CLI for generating baselines and auditing OpenClaw JSON files; it does not contact external services or request credentials. Before running: ensure you have Node.js 18+, review the included source if you trust the author, and run the provided tests (test.js) in a safe environment. Be careful which config path you audit — the tool will read the file you point it at and will print/write findings (it masks detected secrets but includes partial samples in output and JSON). Avoid pointing it at files you cannot expose to local console/output destinations, and review generated JSON before committing to a repository. If you need extra caution, run the CLI in an isolated container or ephemeral VM.
Capability Analysis
Type: OpenClaw Skill
Name: baseline-kit
Version: 1.0.1
The baseline-kit skill is a security utility designed to generate hardened OpenClaw configuration profiles and audit existing JSON configs for common security flaws like network exposure and plaintext secrets. The implementation in src/index.js is entirely local, using standard Node.js file system modules without any network activity, obfuscation, or suspicious execution patterns. The logic for detecting secrets (collectPotentialSecrets) correctly masks findings and is consistent with the tool's stated purpose of improving configuration hygiene.
Capability Assessment
Purpose & Capability
Name and description match the actual code and instructions. The tool only requires Node and implements profile generation and JSON-based audits; nothing in the package or SKILL.md asks for unrelated cloud credentials or services.
Instruction Scope
SKILL.md instructs running the included CLI to read a user-specified config path and write outputs to a specified --out path. The runtime instructions and code are limited to JSON structure checks, local file read/write, and console output. There are no instructions to access unrelated system files, environment secrets, or external network endpoints.
Install Mechanism
There is no install spec in the registry (instruction-only), and the repo ships a small Node.js CLI. The tool requires only the node binary (Node >=18 per package.json). No remote downloads, package installers, or unusual install steps are present.
Credentials
The skill declares no required environment variables or credentials and the code does not read env vars. It does scan JSON for secret-like keys and emits masked samples in findings — behavior appropriate to an audit tool and aligned with its purpose.
Persistence & Privilege
always is false and the skill does not request permanent platform presence or modify other skills. The agent-invocation defaults are normal; autonomous invocation combined with this tool's limited local I/O presents low risk.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install baseline-kit - After installation, invoke the skill by name or use
/baseline-kit - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
README and SKILL.md compliance update for OpenClaw / ClawHub alignment.
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Baseline Kit?
Generate safer OpenClaw configuration baselines and audit existing config files for exposure, missing controls, and secret hygiene issues. It is an AI Agent Skill for Claude Code / OpenClaw, with 455 downloads so far.
How do I install Baseline Kit?
Run "/install baseline-kit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Baseline Kit free?
Yes, Baseline Kit is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Baseline Kit support?
Baseline Kit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Baseline Kit?
It is built and maintained by mike007jd (@mike007jd); the current version is v1.0.1.
More Skills