← Back to Skills Marketplace
179
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install openclaw-sec-audit
Description
Run a local security audit on the OpenClaw environment, identifying risks, affected files, and prioritized remediation steps without exposing secrets.
Usage Guidance
This skill appears to do what it says: a local audit that inspects config, logs, workspace files, git history, SSH and firewall state, and secret-like patterns. Before running: (1) Review the bundled utils.py (not fully shown here) to confirm run_command/read/write behavior and ensure there are no hidden network POSTs or uploads. (2) Run it on a machine you control (not a sensitive production host) because it reads /etc, logs, and user files. (3) Run as a non-root user where possible; some host checks will be skipped if unreadable. (4) Inspect generated report files and their output directory permissions before sharing; while secrets are masked, file paths and counts are included. (5) If you enable autonomous agent invocation, be cautious — this tool can access many local artifacts; disable autonomous invocation unless you trust the skill and agent policies. If you want higher assurance, provide the full utils.py implementation for review or run the audit in an isolated test VM and inspect its runtime behavior (processes invoked, network activity) before using on production systems.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-sec-audit
Version: 0.1.3
The skill bundle is a legitimate security auditing tool designed to inspect the local OpenClaw environment for risks. It includes detectors for plaintext secrets (with explicit redaction logic in `utils.py`), overly permissive filesystem permissions, insecure SSH configurations, and exposed network listeners. The code in `audit.py` and its sub-modules performs standard system checks using `subprocess` and local file reads, but it contains no evidence of data exfiltration, obfuscation, or malicious intent.
Capability Assessment
Purpose & Capability
Name/description ask for a local OpenClaw security audit and the bundled code performs filesystem, git, host, network, config, and secret scans — these capabilities are appropriate for that purpose.
Instruction Scope
SKILL.md directs running the bundled runtime. The runtime reads config (~/.openclaw/openclaw.json), workspace files, .env files, logs, git-tracked files, SSH config, auth logs, and runs host/network commands (git, ss, journalctl, ufw/nft/iptables, systemctl, fail2ban-client). This scope is expected for a local audit but is broad and will access many sensitive local artifacts; the skill claims to redact secrets and the code masks examples, but you should only run it on hosts you control.
Install Mechanism
No external install or downloads are performed; the skill is instruction-only with bundled Python code executed via local python3. There are no remote URL-based installers observed in the provided files.
Credentials
The skill requests no environment variables or credentials. It does, however, read sensitive local files and run privileged host inspection commands (via subprocess) — this is proportionate to an audit but still requires local file access. No unrelated external credentials are requested.
Persistence & Privilege
always is false and the skill does not modify system or other skills' configuration. It runs on-demand and does not request permanent presence or elevated install-time privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-sec-audit - After installation, invoke the skill by name or use
/openclaw-sec-audit - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.3
Redact config-derived evidence in heuristic findings so the skill no longer echoes raw config values in reports.
v0.1.2
Replace the .pyz bundle with bundled plain Python sources under resources/runtime so the skill publishes correctly on ClawHub and runs without the main repository checkout.
v0.1.1
Bundle a standalone runtime so the skill no longer depends on the main repository checkout or PYTHONPATH.
v0.1.0
- Initial release of the OpenClaw Security Audit skill.
- Runs a local security audit against the current OpenClaw installation and environment.
- Outputs summarized risks, impacted locations, and prioritized remediation steps (critical to low).
- Avoids printing raw secrets; outputs only summaries.
- Clearly indicates if any host checks are skipped or unsupported.
Metadata
Frequently Asked Questions
What is Openclaw Security Audit?
Run a local security audit on the OpenClaw environment, identifying risks, affected files, and prioritized remediation steps without exposing secrets. It is an AI Agent Skill for Claude Code / OpenClaw, with 179 downloads so far.
How do I install Openclaw Security Audit?
Run "/install openclaw-sec-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Openclaw Security Audit free?
Yes, Openclaw Security Audit is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Openclaw Security Audit support?
Openclaw Security Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Openclaw Security Audit?
It is built and maintained by haooyi (@haooyi); the current version is v0.1.3.
More Skills