← Back to Skills Marketplace
aowind

sjht-server-audit

by Aowind · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
214
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install sjht-server-audit
Description
远程服务器安全巡检和环境报告工具。 通过 SSH 免密登录远程主机,全面检查系统信息、运行服务、开放端口、 Web 服务器配置、数据库配置、安全设置(SSH/防火墙/SELinux)、可疑进程和定时任务, 生成结构化的巡检报告。Use when 用户需要检查服务器安全、排查服务器环境、 了解服务器上运行了什么服务...
Usage Guidance
This script is coherent for performing a remote server audit, but review and test it before running on production. Specifically: - Verify SSH key handling: the skill assumes passwordless SSH; ensure the private key is stored and used securely (or provide it via a known credential manager), and confirm which user/account will be used. - Expect the script to execute commands on the remote host and read config files (e.g., /etc/ssh/sshd_config, /etc/nginx/*, /etc/cron.d/*, site directories). These are necessary for auditing but may expose sensitive configuration—run on hosts you control or have explicit permission to audit. - Fix the documentation/implementation mismatch: SKILL.md claims reports are saved under ~/.openclaw/workspac/audits/... but the script currently writes to a temporary file and the trap removes it on exit. If you need persistent reports, modify the script to write the structured Markdown to the intended path (and ensure directory exists and permissions are correct). - The SKILL.md lists a dependency on an 'ssh-ops' skill; the package metadata does not declare this. Confirm how SSH keys/session management is expected to work in your agent environment. - Test on a non-production host first to confirm output, adjust parsing rules, and verify nothing is transmitted off your environment. If you want stronger guarantees, consider adding explicit logging/consent steps and avoid running on hosts without authorization.
Capability Analysis
Type: OpenClaw Skill Name: sjht-server-audit Version: 1.0.0 The skill is a legitimate server security auditing tool designed to collect system information, service statuses, and configuration details via SSH. The bash script (scripts/server-audit.sh) performs standard diagnostic commands (ss, systemctl, grep on config files) to identify common security misconfigurations like exposed database ports or weak SSH settings. The instructions in SKILL.md explicitly advise the agent to keep reports local and avoid uploading sensitive data to public repositories, demonstrating security-conscious design aligned with its stated purpose.
Capability Assessment
Purpose & Capability
The name/description (remote server security audit via SSH) matches what the script does: it SSH-es into the target and collects system info, services, ports, web/db config, cron entries, and produces a local report. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
The SKILL.md instructs running scripts/server-audit.sh which indeed SSH-es to the target and collects config files and logs — appropriate for an audit. However there are two mismatches: SKILL.md states reports are saved to ~/.openclaw/workspac/audits/<IP>-<date>.md, but the shipped script does not write such a persistent file (it writes to a local temporary file $TMPFILE and the trap removes it on exit). Also SKILL.md lists 'ssh-ops' skill as a precondition but that dependency is not declared in metadata. These inconsistencies could lead to surprises (lost report, undeclared dependency).
Install Mechanism
Instruction-only skill with an included shell script; no install spec, no external downloads or package installs. Low install-time risk since nothing is fetched/installed automatically.
Credentials
The skill requests no environment variables or external credentials in metadata. Operationally it requires SSH key-based access to target hosts (private key must be present on the agent or managed by another skill like 'ssh-ops'). This is proportional to its purpose, but the requirement is only documented in SKILL.md (not declared in metadata) so users must ensure their SSH keys are handled securely.
Persistence & Privilege
always is false and the skill does not request persistent privileges or modify other skills/config. It executes remotely over SSH and stores output locally in a temp file; no evidence of attempts to persist beyond that or modify agent-wide settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install sjht-server-audit
  3. After installation, invoke the skill by name or use /sjht-server-audit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
# Changelog — server-audit 所有格式基于 [Keep a Changelog](https://keepachangelog.com/zh-CN/1.1.0/), 版本号遵循 [语义化版本](https://semver.org/lang/zh-CN/)。 --- ## [0.1.0] — 2026-03-19 ### 新增 - 初始版本发布 - **服务器巡检脚本** `scripts/server-audit.sh` - 系统信息采集:OS、内核、CPU、内存、磁盘、Swap - 运行服务检测:systemd running services - 开放端口扫描:ss -tlnp 全部 TCP 监听 - 防火墙状态检查:firewalld 规则、SELinux 模式 - Web 服务检测:Nginx/PHP-FPM/MariaDB/Node/Docker 版本与状态 - Nginx 虚拟主机配置提取(server_name/root/listen) - 网站目录扫描:WordPress 检测、HTML 站点检测 - 安全配置审计:SSH 配置(密码认证/Root 登录/端口) - 可疑项检查:失败登录记录、用户/系统定时任务、高内存进程 - 快速安全判定:自动识别 🔴严重/⚠️警告 级别问题 ### 安全判定规则 - 🔴 严重:数据库端口全网暴露、管理面板全网暴露、SSH 允许 Root 密码登录 - ⚠️ 警告:防火墙未启用、SELinux 禁用、SSH 密码认证未禁用、无 Swap、暴力破解痕迹 ### 首次验证 - 对 xxxxx(OpenCloudOS 9.4)完成完整巡检 - 检出 3 个严重安全问题 - 检出 4 个警告 - 生成详细巡检报告
Metadata
Slug sjht-server-audit
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is sjht-server-audit?

远程服务器安全巡检和环境报告工具。 通过 SSH 免密登录远程主机,全面检查系统信息、运行服务、开放端口、 Web 服务器配置、数据库配置、安全设置(SSH/防火墙/SELinux)、可疑进程和定时任务, 生成结构化的巡检报告。Use when 用户需要检查服务器安全、排查服务器环境、 了解服务器上运行了什么服务... It is an AI Agent Skill for Claude Code / OpenClaw, with 214 downloads so far.

How do I install sjht-server-audit?

Run "/install sjht-server-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is sjht-server-audit free?

Yes, sjht-server-audit is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does sjht-server-audit support?

sjht-server-audit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created sjht-server-audit?

It is built and maintained by Aowind (@aowind); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments