OpenClaw Security Auditor

by Muhammad Waleed · GitHub ↗ · v1.0.0
Platforms: darwin, linux, windows · ✓ Security Clean
Downloads: 2350 · Stars: 1 · Active Installs: 16 · Versions: 1
Install in OpenClaw
/install openclaw-security-auditor
Description
Audit OpenClaw configuration for security risks and generate a remediation report using the user's configured LLM.
Usage Guidance
This skill appears coherent for auditing OpenClaw configs, but take simple precautions before running it on production data:
  1. Inspect the SKILL.md and any jq/redaction examples (or run it against a copy of your config with secrets replaced) to confirm secrets are removed.
  2. If your OpenClaw LLM is a remote cloud provider, consider whether metadata about misconfigurations is acceptable to transmit; run the audit locally against a sanitized copy first.
  3. Test on a non-production or redacted config to verify output and redaction behavior.
  4. If you need stronger guarantees, request or supply explicit redaction filters (so the skill never transmits token values) or use a local-only LLM before running against sensitive configs.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-security-auditor
Version: 1.0.0
The OpenClaw Security Auditor skill is designed to audit local OpenClaw configurations for security risks. All documentation and the `SKILL.md` pseudo-flow explicitly state that the skill operates locally, strips all secrets before analysis, and makes no external network calls. It uses standard binaries (`cat`, `jq`) for their intended purpose of reading and parsing local configuration files. There is no evidence of data exfiltration, malicious execution, persistence, obfuscation, or prompt injection attempts against the agent in any of the provided files; instead, the documentation consistently emphasizes privacy and security.
Capability Assessment
Purpose & Capability
The name/description claim a local OpenClaw configuration audit. The declared requirements (cat, jq) and the instructions (read ~/.openclaw/openclaw.json, run checks, produce a report) are proportional and expected for that purpose.
Instruction Scope
The SKILL.md confines activity to reading a single config file, extracting metadata, and sending a redacted findings object to the user's configured LLM through the OpenClaw agent flow. This is coherent, but the SKILL.md does not show the exact redaction commands or jq filters used, so you must trust the skill to actually remove secrets before sending. Also, the 'user's configured LLM' may be a remote service (e.g., OpenAI); validate whether findings (even metadata) are acceptable to send to that endpoint.
Install Mechanism
No install spec or code files are present (instruction-only). That minimizes disk persistence and attack surface; requirements are limited to common CLI tools (cat, jq).
Credentials
The skill requests no environment variables or credentials, which is appropriate for a local config-only auditor. However, the SKILL.md's promise to 'strip all secrets' is a behavioural assertion not enforced by declared requirements; verify redaction behavior before sending data to any remote model.
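The Usage Guidance above suggests running the audit against a copy of the config with secrets replaced, and this section asks you to verify redaction before anything reaches a remote model. The following is an added example, not code from the skill or from OpenClaw: it redacts a JSON config by key name and by credential-shaped value, then runs an independent length-based check for anything that survived. The key names (`authToken`, `apiKey`, and so on) and the sample config are assumptions constructed for the example; OpenClaw's real schema is not shown on this page.

```python
import json
import re

# Heuristics, not OpenClaw's real schema: the key names and value prefixes below are
# assumptions for this example; extend them for your own config. Errs toward over-redaction.
SECRET_KEY_RE = re.compile(r"token|secret|password|passwd|api[_-]?key|private[_-]?key|credential", re.I)
SECRET_VALUE_RE = re.compile(r"^(sk-|ghp_|AKIA|xox[abp]-)[A-Za-z0-9_\-]{8,}$")
REDACTED = "<REDACTED>"

# Constructed stand-in for ~/.openclaw/openclaw.json; every value here is fake.
SAMPLE_CONFIG = {
    "gateway": {"bind": "0.0.0.0", "port": 8080, "authToken": "tok_0123456789abcdef", "requireAuthToken": False},
    "llm": {"provider": "openai", "apiKey": "sk-constructedexample0001", "model": "gpt-4o-mini"},
    "tools": {"policy": "allow-all", "shell": {"enabled": True}},
    "logging": {"level": "debug", "logPrompts": True},
    "notes": ["ghp_constructedgithubtoken000"],
}

def redact(node, path="$", force=False):
    """Return (redacted_copy, redacted_paths). Strings under a secret-looking key, or anywhere
    beneath one, and strings shaped like known credentials become REDACTED; everything else stays."""
    if isinstance(node, dict):
        out, hits = {}, []
        for key, value in node.items():
            out[key], sub = redact(value, f"{path}.{key}", force or bool(SECRET_KEY_RE.search(key)))
            hits += sub
        return out, hits
    if isinstance(node, list):
        pairs = [redact(item, f"{path}[{i}]", force) for i, item in enumerate(node)]
        return [p[0] for p in pairs], [h for p in pairs for h in p[1]]
    if isinstance(node, str) and (force or SECRET_VALUE_RE.match(node)):
        return REDACTED, [path]
    return node, []

def _strings(node):
    """Yield every string leaf of a JSON-like tree (keys excluded)."""
    if isinstance(node, (dict, list)):
        for item in (node.values() if isinstance(node, dict) else node):
            yield from _strings(item)
    elif isinstance(node, str):
        yield node

def surviving_long_strings(original, redacted_copy, min_len=16):
    """Independent second check: original string leaves of min_len+ chars with no whitespace
    that still appear verbatim in the redacted copy. Review any hit before sharing the copy."""
    dump = json.dumps(redacted_copy)
    return [s for s in _strings(original)
            if len(s) >= min_len and not any(c.isspace() for c in s) and s in dump]
```

Booleans and numbers such as `requireAuthToken` and `port` are deliberately kept, since those are exactly the settings a misconfiguration audit needs to see; the returned path list doubles as a record of what was removed.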
Persistence & Privilege
`always` is false and there is no install performing background persistence. The skill invokes the OpenClaw agent to analyze findings (normal). It does not request system-wide config changes or other skills' credentials.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-security-auditor
  3. After installation, invoke the skill by name or use /openclaw-security-auditor
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Local OpenClaw security audit skill with automated risk reporting.
- Audits ~/.openclaw/openclaw.json or a user-specified config for 15+ security risks.
- Runs checks including auth tokens, gateway settings, tool policies, secrets, logging, and more.
- Generates a detailed markdown report with risk score, categorized findings (Critical/High/Medium/Low), and step-by-step remediation guidance.
- No external APIs or network calls; uses only local tools (cat, jq) and the user's existing LLM setup.
- Strictly avoids handling or revealing secrets; only analyzes configuration metadata.
Metadata
Slug openclaw-security-auditor
Version 1.0.0
License
All-time Installs 17
Active Installs 16
Total Versions 1
Frequently Asked Questions

What is OpenClaw Security Auditor?

Audit OpenClaw configuration for security risks and generate a remediation report using the user's configured LLM. It is an AI Agent Skill for Claude Code / OpenClaw, with 2350 downloads so far.

How do I install OpenClaw Security Auditor?

Run "/install openclaw-security-auditor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is OpenClaw Security Auditor free?

Yes, OpenClaw Security Auditor is completely free (open-source). You can download, install and use it at no cost.

Which platforms does OpenClaw Security Auditor support?

OpenClaw Security Auditor is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, windows).

Who created OpenClaw Security Auditor?

It is built and maintained by Muhammad Waleed (@muhammad-waleed381); the current version is v1.0.0.