← Back to Skills Marketplace
tktk-ai

TK Security Auditor

by tktk-ai · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
95
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install tk-security-auditor
Description
Run security audits on Linux servers, web applications, and cloud infrastructure. Checks SSH hardening, firewall rules, open ports, SSL/TLS config, file perm...
Usage Guidance
This skill appears to be a legitimate on-host security auditor, but it omits some important operational details. Before using it: (1) Do not run remediation commands blindly — review and test each fix in a staging environment and back up configs (eg /etc/ssh/sshd_config). (2) Expect it to require root/sudo and tools like nmap, openssl, ufw, apt, and possibly cloud CLIs; verify those are present or install them yourself. (3) For cloud audits, do not hand over long-lived cloud credentials; prefer scoped, temporary credentials or run the audit from CI/hosts that already have appropriately limited access. (4) Ask the skill/agent to perform a read-only audit first and list exact commands it would run before asking it to apply changes. If you cannot verify the commands or the agent's source, treat remediation steps as suggestions only.
Capability Analysis
Type: OpenClaw Skill Name: tk-security-auditor Version: 1.0.0 The 'security-auditor' skill is a legitimate tool designed for server hardening and vulnerability assessment. The instructions in SKILL.md and the remediation commands in references/common-fixes.md align with industry-standard security best practices (e.g., SSH hardening, firewall configuration, and file permission audits) without any evidence of data exfiltration, obfuscation, or malicious intent.
Capability Assessment
Purpose & Capability
The skill's name, description, and instructions align with performing server and web application audits and producing remediation commands. However, the SKILL.md also claims cloud infrastructure reviews but does not declare or document any required cloud credentials, CLIs (aws/gcloud/doctl), or API access mechanisms — this is a notable omission that reduces coherence for the cloud-audit capability.
Instruction Scope
The runtime instructions include commands that read the entire filesystem (find /), inspect services, run network checks (openssl, nmap) and provide copy-paste remediation that edits system configuration files (sed on /etc/ssh/sshd_config, remounting /tmp, enabling UFW, restarting services). Those actions are within a security-audit remit, but the SKILL.md gives no explicit safety steps (take backups, run in audit-only mode, require confirmation before applying fixes), increasing risk if applied blindly.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so it does not write new binaries to disk or download remote code. That minimizes install-time risk.
Credentials
The skill declares no required environment variables or primary credentials, yet the instructions reference tools and operations that typically require: root/sudo privileges and third-party CLIs or utilities (nmap, openssl, ufw, apt, fail2ban, possibly cloud CLIs). The lack of declared credential/tool requirements is an omission that may surprise users and lead the agent to request sensitive access interactively.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system-level presence or modify other skills' configuration. Autonomous invocation is allowed by default but is not combined with other elevated privileges here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install tk-security-auditor
  3. After installation, invoke the skill by name or use /tk-security-auditor
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — Linux server, web app, and cloud infrastructure security auditing with fix commands
Metadata
Slug tk-security-auditor
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is TK Security Auditor?

Run security audits on Linux servers, web applications, and cloud infrastructure. Checks SSH hardening, firewall rules, open ports, SSL/TLS config, file perm... It is an AI Agent Skill for Claude Code / OpenClaw, with 95 downloads so far.

How do I install TK Security Auditor?

Run "/install tk-security-auditor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is TK Security Auditor free?

Yes, TK Security Auditor is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does TK Security Auditor support?

TK Security Auditor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created TK Security Auditor?

It is built and maintained by tktk-ai (@tktk-ai); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments