← Back to Skills Marketplace
9276
Downloads
34
Stars
73
Active Installs
5
Versions
Install in OpenClaw
/install clawdbot-security-check
Description
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.
Usage Guidance
Install only if you are comfortable with local inspection of Clawdbot configuration and possible exposure of token-bearing output. Treat it as read-only only when running normal audit commands; do not use `--fix` unless you intentionally want persistent changes to bot policy, logging behavior, and file permissions, and have reviewed/backed up the affected files.
Capability Analysis
Type: OpenClaw Skill
Name:
Developer:
Version:
Description: OpenClaw Agent Skill
The skill's primary purpose is a legitimate 'read-only security audit'. However, there is a critical contradiction: the `skill.json` explicitly declares `"readOnly": true` and `"modifiesSettings": false`, while both `SKILL.md` and `README.md` describe a `--fix` flag that 'applies guardrail remediations' by modifying configuration files and permissions. This inconsistency is a significant vulnerability in the skill's self-description and could lead to unexpected agent behavior or a misrepresentation of its true capabilities, making it suspicious despite the otherwise benign intent of a security audit.
Capability Assessment
Purpose & Capability
The audit purpose is coherent, but the manifest and top-level descriptions declare read-only behavior while README.md and SKILL.md document `--fix` actions that change group policy, logging redaction, and filesystem permissions.
Instruction Scope
Most checks are scoped to Clawdbot configuration, but the remediation mode lacks clear confirmation, rollback, or change-log requirements, and some examples print configuration or environment values that may contain tokens.
Install Mechanism
The artifact contains only markdown and JSON files, and the install metadata installs SKILL.md; however, skill.json references a missing `security-check.js`, making package behavior metadata inconsistent.
Credentials
Reading Clawdbot config, credential locations, auth profiles, and permissions is expected for a security audit, but unredacted `cat` and `env` examples are not well contained for secret-bearing data.
Persistence & Privilege
No background persistence or self-propagation is shown, but the documented `--fix` mode would make persistent config and permission changes despite `readOnly: true` and `modifiesSettings: false` declarations.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install clawdbot-security-check - After installation, invoke the skill by name or use
/clawdbot-security-check - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.2.2
Added Trust Hierarchy, Prompt Injection Mitigation, Sandboxing levels, Browser Control Risks, Incident Response, Secret Scanning, Vulnerability Reporting. 13 domains.
v2.2.1
Added Trust Hierarchy, Prompt Injection Mitigation, Sandboxing levels, Browser Control Risks, Incident Response, Secret Scanning, Vulnerability Reporting. 13 domains.
v2.2.0
Added Trust Hierarchy, Prompt Injection Mitigation, Sandboxing levels, Browser Control Risks, Incident Response procedures, Secret Scanning with detect-secrets, and Vulnerability Reporting. Updated to 13 security domains.
v2.1.0
Integrated official ClawdBot security documentation. Added 12 security domains including gateway bind, group access control, browser exposure, file permissions, and threat model. Added audit functions and high-level checklist.
v1.0.0
Self-security audit framework. Clawdbot audits its own configuration across 10 security domains.
Metadata
Frequently Asked Questions
What is Clawdbot Security Check?
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge. It is an AI Agent Skill for Claude Code / OpenClaw, with 9276 downloads so far.
How do I install Clawdbot Security Check?
Run "/install clawdbot-security-check" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Clawdbot Security Check free?
Yes, Clawdbot Security Check is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Clawdbot Security Check support?
Clawdbot Security Check is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux).
Who created Clawdbot Security Check?
It is built and maintained by Seth Rose (@thesethrose); the current version is v2.2.2.
More Skills