albertlsy588

openclaw security auditor

by Albert Liu · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
212 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install openclaw-security-auditor-skill
Description
OpenClaw Security Auditor (OSA) - Comprehensive security auditing tool for OpenClaw deployments. Provides 60-second security diagnosis, risk scoring (0-100),...
Usage Guidance
What to consider before installing or running this skill:
  1. Missing dependency / ambiguous import: scripts/security_scanner.py inserts a path outside the skill and imports osa.scanner_fixed / osa.reporter / osa.models. The skill bundle does NOT include an 'osa' package or an 'openclaw-security-auditor' directory. That means the skill will either fail to run or will import code from whatever exists at that external path on the host. Do not run this on a production machine until you confirm where that dependency comes from and inspect it.
  2. Inconsistent APIs and missing files: SKILL.md examples reference SecurityScanner and ReportGenerator classes and files like scripts/i18n.py and multiple reference docs that are not present in the package. The examples may not work as written. Ask the author for a clear install/run guide and for the missing files or a packaged dependency.
  3. File writes to your config: The fixer script will back up and then modify your OpenClaw config file by default (unless you use --dry-run). Always make your own backup, inspect the changes, or run in a safe environment first. Review the exact modifications (_apply_*_profile functions) to ensure they match your intent.
  4. No install instructions: The skill contains code but no install specification. If you want to run it, run it in an isolated sandbox (container/VM) first, and inspect any external package (osa / openclaw-security-auditor) before allowing it to run against your real configuration.
  5. Recommended actions: Request the maintainer to (a) include or document the osa dependency and provide a reproducible install step, (b) fix the SKILL.md examples to match the shipped modules/functions, and (c) clarify which files are safe to run and which are placeholders. If you must try it now, run test_skill.py in a controlled environment and do not run config_fixer.py without --dry-run and manual review.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-security-auditor-skill
Version: 1.0.0
The skill bundle is a legitimate security auditing tool for OpenClaw deployments. It contains scripts (security_scanner.py, report_generator.py, config_fixer.py) designed to analyze configuration files, generate bilingual reports, and provide remediation steps. While config_fixer.py includes an 'aggressive' mode that disables authentication, this is clearly documented for testing purposes only. The code follows its stated purpose without evidence of data exfiltration, obfuscation, or malicious intent.
Capability Assessment
Purpose & Capability
The declared purpose — auditing and suggesting fixes for OpenClaw configs — matches the actions in the scripts (reading ~/.openclaw/*.json, producing reports, and applying configuration profiles). However several callers and examples in SKILL.md expect classes/functions (e.g., SecurityScanner, ReportGenerator) that are not provided by the included scripts. Instead, scripts/security_scanner.py tries to import these from an external package path (openclaw-security-auditor / osa). The skill does not declare or install that dependency, which is inconsistent.
Instruction Scope
Runtime instructions and code operate on user configuration files under the user's home (~/.openclaw) and write backups and modified configs via scripts/config_fixer.py. That is within scope for a security auditor, but it's a high-impact action (writes to user config). The SKILL.md examples also reference files and modules (i18n.py, osa.* classes) that are missing from the packaged files, creating ambiguity about what will actually run.
Install Mechanism
There is no install spec, yet the code expects an external package/module ('openclaw-security-auditor' / package 'osa') located outside the skill directory (scripts/security_scanner.py inserts a path three levels up). No instructions to install that package are provided. This missing dependency and the path-manipulation import are a significant coherence/operational issue and increase risk (execution may fail or load unexpected code if that path exists).
Credentials
The skill requests no environment variables or external credentials. The files operate only on local config files under ~/.openclaw and produce local reports. No unrelated secrets are requested. That is proportionate to an auditing tool, though the capability to change configs should be noted as impactful.
Persistence & Privilege
The skill is not always-enabled and does not request persistent platform privileges. However, it includes tools that can modify the user's OpenClaw configuration files (config_fixer.py makes backups then writes changes). This is a legitimate but sensitive capability—users should be aware the skill can and will write to their config if run with non-dry-run options.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-security-auditor-skill
  3. After installation, invoke the skill by name or use /openclaw-security-auditor-skill
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
OpenClaw Security Auditor Skill 1.0.0 – Initial Release
- Provides comprehensive 47-point security audits for OpenClaw deployments, covering 7 major domains.
- Offers 60-second security diagnosis, risk scoring (0–100), and severity classification.
- Generates bilingual (Chinese/English) reports with detailed findings, fix commands, and security mode recommendations.
- Supports automated fix suggestions and best-practice configuration templates.
- Output available as Markdown, JSON, or HTML for both human and automated workflows.
- Safe, non-destructive design: scans configs only and applies changes only with user approval.
Metadata
Slug openclaw-security-auditor-skill
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is openclaw security auditor?

OpenClaw Security Auditor (OSA) - Comprehensive security auditing tool for OpenClaw deployments. Provides 60-second security diagnosis, risk scoring (0-100),... It is an AI Agent Skill for Claude Code / OpenClaw, with 212 downloads so far.

How do I install openclaw security auditor?

Run "/install openclaw-security-auditor-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is openclaw security auditor free?

Yes, openclaw security auditor is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does openclaw security auditor support?

openclaw security auditor is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created openclaw security auditor?

It is built and maintained by Albert Liu (@albertlsy588); the current version is v1.0.0.
