← Back to Skills Marketplace
openclawvincent

openclaw-pc-security

by Vincent_Openclaw · GitHub ↗ · v2.0.1 · MIT-0
cross-platform ⚠ suspicious
440
Downloads
0
Stars
0
Active Installs
6
Versions
Install in OpenClaw
/install openclaw-pc-security
Description
Local security self-check for your Windows PC and OpenClaw server setup (password protection, port, and exposure), producing a local report.
Usage Guidance
This package appears to do what it says: local Windows posture checks and optional OpenClaw network probing. Important things to consider before running: - Only run active scans (--ports, credential checks, exposure checks) against machines and networks you own or have explicit permission to test. The code will attempt default-login POSTs to /login and GETs to unauthenticated endpoints. - Run inside a controlled environment (separate user account or VM) if you are concerned about side effects. - The MSRC API key is optional; only provide it if you want CVE→KB lookups. If you don't provide it that functionality stays disabled. - The scripts will read local config files (cwd config.json, ~/.openclaw/config.json, APPDATA path) to detect server settings — don't run if you don't want those files inspected. - Reports are written to output/ (fixed filenames and may overwrite). Do not upload reports publicly; they can contain sensitive info. - If you want extra assurance, review scripts/run_scan.py and scripts/run_audit.py before executing, and run the audit-only mode first (no network probing) to see results.
Capability Analysis
Type: OpenClaw Skill Name: openclaw-pc-security Version: 2.0.1 This skill bundle is a security auditing tool designed to perform local and network-based security checks for Windows and OpenClaw environments. It utilizes high-risk capabilities, including executing PowerShell commands to gather system metadata (audit.py), performing network port scans (scanner.py), and testing for default credentials (analyzer.py). While these actions are aligned with the stated purpose of security self-checking and the SKILL.md instructions emphasize keeping reports local, the broad system access and network probing capabilities are inherently risky. No evidence of intentional data exfiltration or malicious persistence was found, but the tool's powerful primitives warrant a cautious classification.
Capability Assessment
Purpose & Capability
The name/description match what the bundle does: local Windows posture checks, OpenClaw version/config inspection, optional network probing of OpenClaw endpoints, and generation of local HTML/JSON reports. Required binaries/env vars are minimal/optional (requests, optional MSRC API key) and align with the described capabilities.
Instruction Scope
The SKILL.md explicitly instructs running local audit and optional network scans (scripts/run_audit.py and scripts/run_scan.py). The code performs authorized network probes, default-credential login attempts (admin:openclaw), and unauthenticated endpoint retrievals to detect sensitive fields — these are appropriate for an OpenClaw exposure scanner but are active operations with legal/ethical implications. The skill also scans local config paths (cwd config.json, ~/.openclaw/config.json, APPDATA) which aligns with server-config checks. The SKILL.md warns not to use active scans on systems you don't own and not to upload reports.
Install Mechanism
No automated install spec is provided (the package is instruction/code-only). Dependencies are limited to 'requests' (requirements.txt). The project expects the user to set up a Python venv and pip-install requirements; nothing in the manifest points to downloads from untrusted hosts or opaque install actions.
Credentials
No required environment variables are declared. An MSRC API key is optional and only used for MSRC SUG lookups when the user requests that function. The scripts read local system state (registry, netstat, files under home/CWD/APPDATA) which is necessary for the stated local-audit purpose. No unrelated cloud credentials or broad secrets are requested.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It will run as invoked and does not request permanent elevated platform privileges. Autonomous invocation is allowed by platform defaults but is not combined with other concerning flags.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-pc-security
  3. After installation, invoke the skill by name or use /openclaw-pc-security
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.1
openclaw-pc-security 2.0.1 changelog: - Clarified wording for target checks: “Optional OpenClaw target checks (authorized use only)” replaces “Optional target probing for OpenClaw targets (authorized use only)”. - Active scan functionality (credential and leak checks) must now be explicitly enabled via new command-line flags (--enable-cred-check, --enable-leak-check). - Updated instructions and sample commands to reflect explicit enabling of active network checks. - Revised notes for clearer guidance on usage restrictions and safe handling of report files.
v2.0.0
openclaw-pc-security 2.0.0 introduces new standalone audit and scan scripts, along with expanded local reporting. - Added new scripts (`run_audit.py`, `run_scan.py`, `debug_audit.py`) for local and target security checks. - Separated requirements for audit and scan tasks (`requirements-audit.txt`, `requirements-scan.txt`). - Reports are now written to a simplified `output/` directory. - Audit includes OpenClaw server configuration checks (password protection, port usage, exposure). - HTML/JSON report files are now generated for both audit and scan with additional finding types. - Updated documentation and usage instructions to reflect modular scripts and new output paths.
v1.0.3
Version 1.0.2 - Updated usage notes to emphasize that scanning/testing features are intrusive and must only be used in explicitly authorized environments. - Added clear warnings against using scanning functions on systems without explicit permission. - Clarified that scan report files should not be uploaded or sent unless the user explicitly requests it and provides a secure destination, due to sensitive information. - Strengthened reminders not to upload sensitive output to public repositories.
v1.0.2
- Updated documentation format: merged `manifest.json` into SKILL.md with standardized YAML front matter. - Improved and clarified documentation with concise usage guidelines. - Added initial evaluation configuration file (`evals/evals.json`). - Removed duplicate/unnecessary files for cleaner structure.
v1.0.1
- Updated documentation to reference the correct script path: changed `src/main.py` to `scripts/main.py` in usage examples. - No changes to code or functionality.
v1.0.0
OpenClaw PC Security 1.0.0 initial release: - Provides security self-checks for Windows PCs running OpenClaw. - Checks Windows version, latest update status, and support lifecycle. - Alerts about outdated OpenClaw or npm versions. - Optional scan for port exposure and weak credentials in local/LAN (authorized use only). - Outputs severity-based findings as HTML/JSON reports in the output folder. - Primary focus on Windows, with a foundation for future OS and feature expansion.
Metadata
Slug openclaw-pc-security
Version 2.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 6
Frequently Asked Questions

What is openclaw-pc-security?

Local security self-check for your Windows PC and OpenClaw server setup (password protection, port, and exposure), producing a local report. It is an AI Agent Skill for Claude Code / OpenClaw, with 440 downloads so far.

How do I install openclaw-pc-security?

Run "/install openclaw-pc-security" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is openclaw-pc-security free?

Yes, openclaw-pc-security is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does openclaw-pc-security support?

openclaw-pc-security is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created openclaw-pc-security?

It is built and maintained by Vincent_Openclaw (@openclawvincent); the current version is v2.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments