
Openclaw Security Audit

by misirov · GitHub ↗ · v1.0.0
cross-platform ✓ Security Clean
5002 Downloads · 3 Stars · 45 Active Installs · 1 Versions
Install in OpenClaw
/install openclaw-security-audit
Description
Audit OpenClaw/Clawdbot deployments for misconfigurations and attack vectors. Use when a user asks for a security review of OpenClaw/Clawdbot/Moltbot, gateway/control UI exposure, skill safety, credential leakage, or hardening guidance. Produces a terminal report with OK/VULNERABLE findings and fixes.
Usage Guidance
Install only if you want an agent to inspect local system state for security issues. Expect it to read logs, process listings, listener ports, and configuration paths; do not approve commands that expose secret values or make system changes unless you specifically intend that action.
Capability Analysis
Type: OpenClaw Skill Name: Developer: Version: Description: OpenClaw Agent Skill

The skill is designed for a security audit, instructing the AI agent to perform read-only checks for misconfigurations and vulnerabilities. It explicitly prohibits data exfiltration, unauthorized modifications, and execution of risky commands without user confirmation. All commands listed are standard read-only system and application inspection tools (e.g., `ps`, `ss`, `cat`, `find`, `journalctl`). The instructions actively guide the agent to identify and report security risks while adhering to strict safety principles, including redacting secrets and reporting only paths to sensitive files, not their contents. There is no evidence of prompt injection, obfuscation, or malicious intent.
Capability Assessment
Purpose & Capability
The stated purpose is to inspect a system for misconfigurations and vulnerabilities, and the described capabilities are standard local audit checks such as process, socket, file, and log inspection.
Instruction Scope
The supplied description says the skill forbids data exfiltration, unauthorized modification, and risky command execution without user confirmation, with secret redaction expectations.
Install Mechanism
No hidden installer, bundled executable payload, obfuscated setup, or automatic package mutation was indicated by the supplied scan context.
Credentials
Local reads of logs, config paths, processes, and network listeners can expose sensitive operational details, but that access is proportionate for a security audit when kept local and redacted.
Persistence & Privilege
No persistence mechanism, background worker, privilege escalation, credential harvesting, or destructive action was supported by the supplied evidence.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-security-audit
  3. After installation, invoke the skill by name or use /openclaw-security-audit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
openclaw-security-audit 1.0.0 – Initial release
  - New skill to audit OpenClaw/Clawdbot/Moltbot environments for misconfigurations and security risks.
  - Provides detailed step-by-step read-only security checks, covering network exposure, authentication, secrets, permissions, installed skills, and process persistence.
  - Generates a terminal-style report with OK/VULNERABLE/UNKNOWN findings, actionable impact explanation, and remediation steps.
  - Redacts secrets, avoids risky commands by default, and only proposes active remediations upon explicit user request.
  - Includes clear output structure and summary section highlighting top risks.
Metadata
Slug openclaw-security-audit
Version 1.0.0
License
All-time Installs 188
Active Installs 45
Total Versions 1
Frequently Asked Questions

What is Openclaw Security Audit?

Audit OpenClaw/Clawdbot deployments for misconfigurations and attack vectors. Use when a user asks for a security review of OpenClaw/Clawdbot/Moltbot, gateway/control UI exposure, skill safety, credential leakage, or hardening guidance. Produces a terminal report with OK/VULNERABLE findings and fixes. It is an AI Agent Skill for Claude Code / OpenClaw, with 5002 downloads so far.

How do I install Openclaw Security Audit?

Run "/install openclaw-security-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Openclaw Security Audit free?

Yes, Openclaw Security Audit is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Openclaw Security Audit support?

Openclaw Security Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Openclaw Security Audit?

It is built and maintained by misirov (@misirov); the current version is v1.0.0.
