← Back to Skills Marketplace
Host Security Audit
by
Jesse Wunderlich
· GitHub ↗
· v1.0.0
275
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install host-security-audit
Description
Comprehensive security audit and hardening for OpenClaw host machines. Checks firewall, disk encryption, open ports, auto-updates, brew outdated, OpenClaw ve...
README (SKILL.md)
Host Security Audit
Run a comprehensive security audit on the machine hosting OpenClaw. Checks OS-level security, OpenClaw configuration, and common misconfigurations.
Quick Start
Run the full audit:
bash scripts/security-audit.sh
Run with JSON output:
bash scripts/security-audit.sh --json
What It Checks
OS Security
- Firewall — macOS Application Firewall or Linux ufw/firewalld
- Disk encryption — FileVault (macOS) or LUKS (Linux)
- Auto-updates — macOS SoftwareUpdate or unattended-upgrades
- Open ports — listening services on all interfaces
- Suspicious processes — crypto miners, reverse shells, unexpected listeners
OpenClaw Security
- OpenClaw version — current vs latest available
- API key exposure — plaintext keys in config files
- Gateway bind address — flags 0.0.0.0 binding (exposed to network)
- File permissions — secrets directory permissions
System Health
- Disk usage — warns at 80%, critical at 90%
- Brew outdated — packages with available updates (macOS)
- Time Machine — backup status and last backup time (macOS)
Scheduling Monthly Audits
Create an OpenClaw cron job for the 1st Monday of each month at 9 AM:
schedule: "0 9 1-7 * 1"
payload: Run a full host security audit. Execute: bash \x3Cskill-path>/scripts/security-audit.sh — Report findings with severity levels (CRITICAL/WARNING/OK). Only notify the user if there are CRITICAL or WARNING findings. If everything passes, do nothing (NO_REPLY).
Remediation
The audit reports findings but does not auto-fix. For each finding:
- CRITICAL — Act immediately (exposed API keys, no firewall, no encryption)
- WARNING — Schedule fix within a week (outdated packages, disk usage)
- OK — No action needed
To auto-fix OpenClaw-specific issues:
openclaw security audit --fix
This only tightens OpenClaw defaults and file permissions. It does not modify host firewall, SSH, or OS settings.
Usage Guidance
This skill appears coherent for a local host audit, but review before running. Specifically: 1) Inspect scripts/security-audit.sh yourself — it will read ${HOME}/.openclaw/* and other system state (process list, ports, disk, firewall status). 2) Run it with least privilege (don't run as root unless needed) and test in a safe environment first. 3) If you schedule cron jobs, ensure the scheduled job runs under the intended user and that any delivered reports are sent only to trusted destinations (the SKILL.md does not define an external reporting endpoint). 4) If you store sensitive OpenClaw secrets, consider temporarily moving them or running the audit in a controlled context. 5) If you rely on exact checks (npm view openclaw, brew, tmutil), be aware those commands may contact external services; allow or restrict network access accordingly.
Capability Analysis
Type: OpenClaw Skill
Name: host-security-audit
Version: 1.0.0
The OpenClaw AgentSkills bundle 'host-security-audit' is benign. The `SKILL.md` provides clear instructions for the AI agent to execute a security audit script and report its findings. The `scripts/security-audit.sh` script performs a comprehensive set of system and OpenClaw-specific security checks (e.g., firewall, disk encryption, open ports, API key exposure, suspicious processes). All commands executed are standard system utilities for information gathering, and the script reports findings without exfiltrating sensitive data, installing backdoors, or executing arbitrary malicious code. The network call to `npm view` is a legitimate check for software updates.
Capability Assessment
Purpose & Capability
The script implements the stated host and OpenClaw checks (firewall, disk encryption, open ports, OpenClaw config, API key patterns, brew outdated, etc.). It legitimately needs access to local system tools and the user's OpenClaw config. Minor mismatch: SKILL.md lists no required binaries even though the script uses commands like lsof/ss, tmutil/fdesetup/defaults (macOS), lsblk/stat, npm and openclaw if present; this is an omission but not malicious.
Instruction Scope
SKILL.md instructs running the included script and scheduling a cron job; the script's actions are limited to local system inspection and OpenClaw config files under $HOME/.openclaw. It does not instruct network exfiltration or reading unrelated system secrets. The scheduling snippet mentions reporting but does not define an external report endpoint.
Install Mechanism
There is no install spec (instruction-only plus an included script), so nothing is downloaded or installed by the skill itself. That minimizes risk from install-time arbitrary code fetches.
Credentials
The skill requests no environment variables or external credentials. It does read potentially sensitive local files (e.g., ${HOME}/.openclaw/openclaw.json and secrets directory) and scans for API key patterns — this is proportional to an audit but is sensitive, so users should understand the script will access their OpenClaw config and secrets directory permissions.
Persistence & Privilege
always is false and the skill does not automatically persist itself. SKILL.md suggests creating a monthly cron job, which is a user decision. Some checks may require elevated privileges to be fully accurate (e.g., certain firewall or process details), but the script does not attempt to escalate privileges by itself.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install host-security-audit - After installation, invoke the skill by name or use
/host-security-audit - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — Comprehensive security audit for OpenClaw hosts (macOS/Linux). Checks firewall, encryption, ports, API keys, disk usage, and more.
Metadata
Frequently Asked Questions
What is Host Security Audit?
Comprehensive security audit and hardening for OpenClaw host machines. Checks firewall, disk encryption, open ports, auto-updates, brew outdated, OpenClaw ve... It is an AI Agent Skill for Claude Code / OpenClaw, with 275 downloads so far.
How do I install Host Security Audit?
Run "/install host-security-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Host Security Audit free?
Yes, Host Security Audit is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Host Security Audit support?
Host Security Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Host Security Audit?
It is built and maintained by Jesse Wunderlich (@jessewunderlich); the current version is v1.0.0.
More Skills