ylardablez

openclaw-security-watchdog

by CTCT · GitHub ↗ · v1.1.1 · MIT-0
cross-platform ⚠ suspicious
Downloads: 346
Stars: 0
Active Installs: 0
Versions: 13
Install in OpenClaw
/install openclaw-security-watchdog
Description
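OpenClaw security inspection tool: runs a system security scan in one step and generates an easy-to-understand report. Use cases: the user says "安全巡检" (security inspection), "安全检查" (security check), "安全审计" (security audit), "巡检" (inspection), "security audit", "检查安全" (check security), "系统安全" (system security), and similar. Trigger condition: any request related to OpenClaw security detection, auditing or inspection. Runtime dependencies: Required: Node.js...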
Usage Guidance
What to consider before installing/running:
- Metadata mismatch: The registry metadata claims no runtime binaries are required, but SKILL.md and the script require Node.js v18+ and the openclaw CLI plus typical system utilities (find, lsof, ss/netstat, journalctl, etc.). Confirm those are present or the skill will fail.
- Data upload is optional but sensitive: The '--push' (完整检测, "full detection") mode will upload the MAC address, hostname, a persistent agent_id stored locally, and the full installed Skill list to https://auth.ctct.cn:10020 (author-operated Changeway service). Only item+brief are claimed to be uploaded, and full details are stored locally, but you must trust the remote service and its operator before using --push. Do not enable --push unless you vet the endpoint/operator.
- Persistence & scheduling: The skill will write files under ~/.openclaw (reports, agent_id, baselines) and recommends (and instructs) adding a cron job via 'openclaw cron add'. If you set up scheduling, follow the SKILL.md admonition to never include --push in scheduled jobs to avoid long-term device reporting.
- Signature/auth model: The SKILL.md describes an X-SIGN header that is an unkeyed digest of device identifiers and time (no secret key). That provides weak server-side integrity/anti-replay guarantees; it is not an authentication token. Be cautious about trusting that mechanism.
- Practical steps: (1) Inspect the bundled script yourself or run it in a disposable VM/container first. (2) Run in default local/offline mode before considering any upload. (3) Verify the domain owner (auth.ctct.cn) and decide whether you trust that operator to receive device IDs and component inventories. (4) If you add scheduled runs, ensure cron jobs are reviewed and that '--push' is never included.
Given these points, the package is not obviously malicious but has privacy and metadata-coherence issues; proceed only after reviewing and, if needed, testing in an isolated environment.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-security-watchdog
Version: 1.1.1
The bundle is a legitimate security auditing tool designed to perform system-wide health checks, monitor sensitive file changes, and audit agent behavior. While it possesses high-risk capabilities—such as scanning network ports, reading system logs, and uploading device identifiers (MAC address, hostname) and a list of installed skills to a remote threat intelligence service (auth.ctct.cn)—these actions are core to its stated purpose. The tool demonstrates a high level of transparency: SKILL.md requires explicit user consent ('2 已了解') before enabling data uploads, and the script openclaw-hybrid-audit-changeway.js specifically redacts sensitive data and excludes technical command details from the uploaded payload. Furthermore, the documentation in references/cron-setup.md explicitly warns against using the upload feature in automated tasks to protect user privacy.
Capability Assessment
Purpose & Capability
The skill's stated purpose (local security audit) matches the code and instructions: it runs system commands, builds reports, and can optionally upload summaries. However the metadata lists no required binaries or env vars while SKILL.md and the script explicitly require Node.js v18+, the openclaw CLI, and a set of platform tools (find, lsof, ss/netstat, journalctl, etc.). That mismatch (declared requirements = none vs. actual runtime requirements) is an incoherence that could surprise users or make the skill fail.
Instruction Scope
Instructions tell the agent to run a bundled Node.js script that reads and writes files under ~/.openclaw, runs many system-level commands, and (optionally, when the user selects '完整检测') sends summarized data to remote endpoints. Reading system state and writing local reports is expected for an audit tool, but the SKILL.md also mandates using 'openclaw cron add' and strongly forbids system crontab — that is a policy choice which forces use of the platform's cron mechanism and creates persistent scheduled execution. The SKILL.md explicitly limits what is sent on upload (item + brief) and says full details stay local, which is good, but users must trust that implementation.
Install Mechanism
There is no external install/download spec; the script is bundled in the skill and runs via Node.js. No remote installers or extracted archives are invoked by the skill files provided, which reduces supply-chain risk. However runtime requires the openclaw CLI and native tools which are external dependencies.
Credentials
The skill requests no environment variables or credentials, which is appropriate. The privacy-sensitive operation is the optional --push: it uploads MAC address, hostname, a persistent agent_id stored in ~/.openclaw/.agent-id, and the installed skill list to the author's Changeway endpoints. That data is documented in SKILL.md and optional, but it is sensitive (device identifiers + component inventory) and creates persistent external linkage if used. No secret key is required by the signature mechanism (it's a hash of mac+hostname+timestamp+nonce), so the authenticity/authorization model is weak and relies on trust in the service.
Persistence & Privilege
The script persistently writes reports, a skill-hash baseline, and a permanent agent_id to ~/.openclaw and creates an '.audit-first-run' marker. It also instructs adding a scheduled job via openclaw cron (not system crontab). The skill is not 'always:true' and does not ask to modify other skills' configs, but it does create persistent local state and encourages setting up an automated cron job (explicitly forbidding --push in cron).
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-security-watchdog
  3. After installation, invoke the skill by name or use /openclaw-security-watchdog
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.1
No file or content changes detected in this version.
- Version 1.0.1 has no changes compared to the previous release.
- No new features, bug fixes, or documentation updates included.
v1.1.0
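**Major version update: first-use automatic inspection onboarding, separated detection modes, and new scheduled-task configuration guidance**
- Added an automatic-inspection setup guide on first run, with one-step configuration of a daily scheduled security inspection task.
- Before scanning, the two detection modes are now clearly separated: "local scan only" (privacy-safe) and "full detection" (includes online reporting of device identifiers; requires informed consent).
- Added and refined the description of local/remote data boundaries and reporting behaviour, stating explicitly that automatic reporting is prohibited in scheduled tasks.
- Added references/cron-setup.md to guide scheduled-task configuration, stressing that inspection tasks may only be managed with openclaw cron and that system crontab must not be used.
- All inspection and report-interpretation flows now strictly follow the new interaction and privacy prompts in their output, with expanded explanation of user choice and the right to be informed.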
v1.0.12
openclaw-security-watchdog 1.0.12
- No code changes; project files remain the same.
- SKILL.md metadata and descriptions were updated to clarify usage and streamline triggers.
- Unused trigger keywords and some scenario details were removed from the description for brevity.
- No functional or behavioral changes in the skill operation.
v1.0.11
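Initial version.
- Provides OpenClaw system security inspection and report interpretation.
- Runs fully offline: no network requests or external commands, depending only on the Node.js standard library.
- Scan results shown to the user are limited to PASS/FAIL/SKIP counts, the security score and the report path.
- Interprets the report item by item on request, conveying risks in plain language with icons.
- Provides handy command hints for cleaning up local reports and baseline data.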
v1.0.10
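- Changed how the inspection script invokes commands, from `child_process.spawnSync` to `child_process.execFileSync`, so system commands are executed without going through a shell, further improving security.
- Clarified that whitelisted commands execute binaries directly and do not call the openclaw CLI.
- All other functionality, report format and output requirements remain unchanged.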
v1.0.9
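openclaw-security-watchdog 1.0.9
- Removed the references/cron-setup.md file, completely eliminating content related to scheduled-task setup.
- SKILL.md now states explicitly that the skill no longer contains scheduled-task instructions or functionality.
- Updated dependency notes: the openclaw CLI is no longer called at runtime; only Node.js and local system commands are required.
- Simplified uninstall and cleanup instructions, keeping only local data deletion.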
v1.0.8
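Initial public release.
- Provides local one-step system security inspection with automatically generated analysis reports.
- Supports Linux/macOS/Windows; requires Node.js ≥ 18 and the openclaw CLI.
- New report-interpretation template that analyses PASS/FAIL/SKIP items one by one and gives plain-language advice.
- Makes no network requests; all data is processed and stored locally.
- Does not register scheduled tasks automatically; guides the user through manual setup on request.
- Added uninstall and cleanup instructions to ease data management.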
v1.0.7
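**Summary:** Removed all networking behaviour; scanning and report storage are now fully local.
- Removed all networking and data-upload features (including threat-intelligence queries and cloud score synchronisation).
- The step-three detection-mode choice is simplified to a direct local scan; the online full detection is no longer offered.
- Persistence notes, report flow, scheduled tasks and related content updated accordingly to describe only local behaviour.
- The skill description drops all flows and explanations related to sending data out, meeting privacy and offline requirements.
- The interpretation template and report presentation remain unchanged.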
v1.0.6
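openclaw-security-watchdog 1.0.6
- Scheduled-task mechanism improved: added a note that scheduled inspections run a local scan only by default (no network access); networking and threat intelligence must be enabled manually by the user.
- Adjusted the first-use onboarding text to make the networking behaviour of scheduled tasks more transparent.
- Updated the guidance in references/cron-setup.md accordingly, emphasising local execution by default.
- Minor corrections to other descriptions and terms, strengthening user privacy notices.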
v1.0.5
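openclaw-security-watchdog 1.0.0
- Added skill metadata fields, including the homepage link (homepage) and author (author) information.
- Refined the description of networking behaviour, emphasising that no device fingerprint (such as MAC address or hostname) is sent; only plugin names/versions, a result summary and a random Agent ID are uploaded.
- Detection-mode description aligned to "no device identifiers are sent".
- Other content and flows are the same as the previous version; no functional changes.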
v1.0.3
- Updated metadata section for improved compatibility and structure.
- Replaced the detailed network and persistence metadata with a concise JSON-based format.
- No functional changes to runtime behavior or user experience.
v1.0.2
openclaw-security-watchdog v1.0.2
- Removed evals/evals.json from the skill package.
- No functionality or behavior changes; only test/evaluation data cleanup.
v1.0.1
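- Renamed the skill to openclaw-security-audit and improved the feature description and use-case notes.
- Added an explicit Node.js environment check with installation guidance, and an automatic-inspection choice branch on first run.
- Standardised interaction across the whole flow: first-run onboarding, detection-mode selection (online/local), task execution, and result-summary extraction.
- Substantially upgraded audit-report interpretation, adding a friendly item-by-item analysis template that gives clear advice and icon cues for each item's status.
- Scheduled-task configuration stresses that it may only be done via `openclaw cron add`, to prevent environment initialisation failures.
- Overall, more fine-grained step-by-step user guidance, markedly improving usability and security feedback.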
Metadata
Slug openclaw-security-watchdog
Version 1.1.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 13
Frequently Asked Questions

What is openclaw-security-watchdog?

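OpenClaw security inspection tool: runs a system security scan in one step and generates an easy-to-understand report. Use cases: the user says "安全巡检" (security inspection), "安全检查" (security check), "安全审计" (security audit), "巡检" (inspection), "security audit", "检查安全" (check security), "系统安全" (system security), and similar. Trigger condition: any request related to OpenClaw security detection, auditing or inspection. Runtime dependencies: Required: Node.js... It is an AI Agent Skill for Claude Code / OpenClaw, with 346 downloads so far.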

How do I install openclaw-security-watchdog?

Run "/install openclaw-security-watchdog" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is openclaw-security-watchdog free?

Yes, openclaw-security-watchdog is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does openclaw-security-watchdog support?

openclaw-security-watchdog is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created openclaw-security-watchdog?

It is built and maintained by CTCT (@ylardablez); the current version is v1.1.1.
