
Jason's OpenClaw Security Scanner

by ITHACAJASON · GitHub ↗ · v1.0.0 · MIT-0
cross-platform · Security: Clean · 234 downloads · 0 stars · 0 active installs · 1 version
Install in OpenClaw
/install jason-openclaw-security-scanner
Description
Scans OpenClaw configuration permissions and security weaknesses. Use this skill when the user mentions "security scan", "permission check", "security check", "scan permissions" or "check configuration security". It outputs the specific issues found, a security score and fix suggestions, and supports interactive one-click fixes.
README (SKILL.md)

OpenClaw Security Scanner

Scans OpenClaw configuration, file permissions and sensitive-information leaks, generates a security report and supports interactive fixes.

Usage

# Scan and display the report
python3 scripts/scan_security.py

# Interactive fix (asks about each issue one by one)
python3 scripts/scan_security.py --interactive

# Automatically fix all issues
python3 scripts/scan_security.py --fix-all

# Fix a specific issue by its index
python3 scripts/scan_security.py --fix 0

Scan Coverage

| Category | Check | Auto-fix |
| --- | --- | --- |
| Operation rules | Whether delete operations require manual confirmation | ✅ adds a rule |
| Configuration permissions | Sub-agent permissions, sandbox status, public network exposure | Partial |
| File permissions | Directory permissions | ✅ chmod |
| Sensitive information | Leaked API keys, passwords, tokens, private keys | ✅ .gitignore |
| Log audit | Error counts, authentication failures | ❌ reminder only |

Workflow

  1. Scan - detect all security issues
  2. Report - show the security score and the detailed findings
  3. Fix suggestions - give a concrete remediation for each issue
  4. Confirmation - apply the fix only after the user agrees
  5. Summary - show which fixes succeeded or failed

Sample Output

🛡️ OpenClaw 安全扫描报告
📅 扫描时间: 2026-03-15 16:57
📊 安全评分: 25/100

📋 详细发现:

【1】[操作规则] 🟠 高危
问题: 未设置删除操作限制
详情: Agent 可能执行删除操作而不需要人工确认
🔧 可修复: 是

💡 发现 5 个可修复的问题,运行:
   python3 scripts/scan_security.py --interactive

Interactive Fix Example

【问题 1】未设置删除操作限制
风险等级: 🟠 高危

📝 修复方案:
  在文件中添加规则: 操作红线: 只能执行查询和修改,删除操作必须手动确认

是否执行此修复? (y/n/skip/all): y
✅ 已在 TOOLS.md 中添加操作红线规则

Security Scoring Rules

  • Start at 100 points
  • 🔴 Critical: -25 points
  • 🟠 High: -15 points
  • 🟡 Medium: -5 points
  • 🟢 Low: -2 points
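The scoring rule above and the first two checks from the coverage table, carried through in code. This is an added example written for this page, not the skill's own scripts/scan_security.py; the rule keywords, the world/group-writable threshold and the report shape are assumptions.

```python
"""Added example: the README's scoring rule (100 base, -25/-15/-5/-2 per
critical/high/medium/low finding) plus two illustrative checks. Not the
skill's own scanner; the checks' thresholds and keywords are assumptions."""
import stat
from dataclasses import dataclass

PENALTY = {"critical": 25, "high": 15, "medium": 5, "low": 2}


@dataclass
class Finding:
    category: str
    severity: str      # one of PENALTY's keys
    problem: str
    fixable: bool


def security_score(findings):
    """Score per the README rule, clamped at 0 so it never goes negative."""
    return max(0, 100 - sum(PENALTY[f.severity] for f in findings))


def check_delete_rule(tools_md):
    """Operation-rule check: does any line require manual confirmation for deletes?
    Assumption: the rule line contains both keywords, as in the README's sample fix."""
    for line in tools_md.splitlines():
        if "删除" in line and "手动确认" in line:
            return None
    return Finding("operation rules", "high", "no restriction on delete operations", True)


def check_dir_mode(path, mode):
    """File-permission check: flag directories writable by group or others (assumed threshold)."""
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        return Finding("file permissions", "medium", f"{path} is group/world writable", True)
    return None


def scan(tools_md, dir_modes):
    """Run the checks and build the summary the README's workflow reports."""
    results = [check_delete_rule(tools_md)]
    results += [check_dir_mode(p, m) for p, m in dir_modes.items()]
    findings = [f for f in results if f is not None]
    return {"score": security_score(findings), "findings": findings,
            "fixable": sum(1 for f in findings if f.fixable)}


if __name__ == "__main__":
    # Constructed sample input: a TOOLS.md without the delete rule and one loose directory.
    report = scan("# TOOLS\n只能执行查询", {"~/.openclaw/workspace": 0o777, "~/.openclaw": 0o700})
    print(f"score {report['score']}/100, {report['fixable']} fixable issue(s)")
```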
Usage Guidance
This skill appears to be what it says: a local OpenClaw configuration and permission scanner that can also apply fixes. Before running: (1) review the script source if you are unsure; (2) run in read-only mode first (no --fix-all) to review findings; (3) prefer the interactive mode so you can approve each change; (4) back up important configuration files (e.g., openclaw.json, TOOLS.md) before using automatic fixes; (5) be cautious about any automated move of secrets into environment variables — ensure your environment management is secure. If you plan to let an autonomous agent call this skill, note it can modify files when invoked with fix flags, so restrict autonomous invocation or require explicit user confirmation.
Capability Analysis
Type: OpenClaw Skill
Name: jason-openclaw-security-scanner
Version: 1.0.0
The skill bundle is a legitimate security utility designed to audit OpenClaw configurations and workspace files for vulnerabilities. The script `scripts/scan_security.py` performs local checks for hardcoded API keys, broad file permissions, and disabled sandboxes, providing an interactive mode to apply fixes like tightening permissions via `chmod` or updating `.gitignore`. It follows security best practices by masking sensitive data in its output and does not perform any network communication or data exfiltration.
Capability Assessment
Purpose & Capability
The name and description claim a local OpenClaw security scanner; the skill includes a Python scanner that inspects OpenClaw config, workspace files, operation rules, permissions and sensitive data and offers fixes — these requirements are coherent with the stated purpose.
Instruction Scope
SKILL.md instructs the agent to run the included script and describes scanning of configuration files, directory permissions, operation rules and sensitive data. The script walks the user's workspace (~/.openclaw/workspace) and reads many files — this is expected for a scanner but means the skill will read potentially large amounts of local data. Fix actions (chmod, config edits, moving secrets to env vars, adding rules) are supported and are invoked explicitly via --interactive or --fix-all; ensure you understand which fixes will be applied.
Install Mechanism
No install spec; this is an instruction-only skill with one Python script. No external downloads or package installs are requested.
Credentials
The skill requires no environment variables or external credentials. It does suggest moving discovered secrets into environment variables as a remediation, which is reasonable for the purpose but not requested by the skill itself.
Persistence & Privilege
The skill is not always-enabled. It can modify local files when run with --interactive or --fix-all (auto-fix types include chmod, config updates, adding rules, and setting env vars). That file-modification ability is coherent with a remediation tool, but you should be aware it can change config and filesystem state when invoked.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install jason-openclaw-security-scanner
  3. After installation, invoke the skill by name or use /jason-openclaw-security-scanner
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
OpenClaw Security Scanner 1.0.0 – Initial Release
- Added OpenClaw configuration and permission security scanning: automatically detects configuration risks, file permissions, sensitive-information leaks and operation-rule compliance.
- Outputs a detailed security report including the security score, the issues found and concrete fix suggestions.
- Supports interactive one-click fixes, single-item fixes and automatic fixing of all issues; high-risk items can be handled automatically.
- Scan coverage includes operation rules, configuration permissions, file permissions, sensitive information and log auditing.
- Provides example commands and output for quick onboarding.
Metadata
Slug jason-openclaw-security-scanner
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Jason's OpenClaw Security Scanner?

It scans OpenClaw configuration permissions and security weaknesses. Use this skill when the user mentions "security scan", "permission check", "security check", "scan permissions" or "check configuration security". It outputs the specific issues found, a security score and fix suggestions, and supports interactive one-click fixes. It is an AI Agent Skill for Claude Code / OpenClaw, with 234 downloads so far.

How do I install Jason's OpenClaw Security Scanner?

Run "/install jason-openclaw-security-scanner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Jason's OpenClaw Security Scanner free?

Yes, Jason's OpenClaw Security Scanner is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Jason's OpenClaw Security Scanner support?

Jason's OpenClaw Security Scanner is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Jason's OpenClaw Security Scanner?

It is built and maintained by ITHACAJASON (@ithacajason); the current version is v1.0.0.
