← 返回 Skills 市场
OpenClaw Security Audit — BLUF Report
作者
infectit007
· GitHub ↗
· v1.0.1
· MIT-0
77
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install eva-security-audit
功能描述
Run a non-interactive OpenClaw security audit that produces a structured BLUF report with posture rating, ranked findings, and one-line fix commands.
使用说明 (SKILL.md)
OpenClaw Security Audit — BLUF Report
Non-interactive security snapshot for OpenClaw deployments.
Runs openclaw security audit --deep, parses the output, and formats a
structured BLUF report that can be sent to memory, Telegram, or stdout.
Security & Trust
This skill is a single SKILL.md file. You are reading its entire source right now.
- ✅ Read-only — does not write any files
- ✅ No network calls — only runs
openclaw security audit --deeplocally - ✅ No credentials accessed — never reads API keys, tokens, or env vars
- ✅ No data exfiltration — nothing leaves your machine
- ✅ Passed OpenClaw security scan — verified clean on publish
- ✅ Transparent — this file is the complete skill. There is no code, binary, or script.
You can verify by running: openclaw security audit --deep yourself — this skill only formats that output.
Designed to be called by automation, agents, or cron — not a wizard.
For interactive hardening (firewall, SSH, OS updates), use the healthcheck skill instead.
Workflow
1. Run the audit
openclaw security audit --deep
Capture full output. If running in background:
openclaw security audit --deep > /tmp/audit-$(date +%Y%m%d-%H%M).txt 2>&1
2. Parse findings
Extract every finding and classify by severity:
| Severity | Condition |
|---|---|
| CRITICAL | Immediate risk — data exposure, auth bypass, writable secrets |
| WARN | Escalate if unmitigated >7 days |
| INFO | Context only — no action required |
3. Assign posture rating
| Rating | Criteria |
|---|---|
| 🟢 GREEN | 0 critical, ≤1 warn |
| 🟡 YELLOW | 1–2 critical OR ≤3 warn |
| 🔴 RED | ≥3 critical OR unmitigated persistence detected |
4. Format the BLUF report
Produce this exact structure — fill in real values, omit empty sections:
SECURITY AUDIT — YYYY-MM-DD HH:MM
POSTURE: [GREEN/YELLOW/RED] — X critical · Y warn · Z info
BLUF: [One sentence: overall risk and the single most important action.]
CRITICAL
1. [finding-id] [Description — blast radius]
Fix: [exact command or config change]
2. ...
WARN
1. [finding-id] [Description]
Fix: [exact command or config change]
INFO
- [finding-id] [Context note]
NEXT STEPS
1. Apply fixes above (copy-paste ready).
2. Re-run: openclaw security audit --deep
3. Log findings: append to memory/YYYY-MM-DD.md
Audit complete. Re-run after each fix to confirm POSTURE GREEN.
Rules for the report:
- BLUF first, always. One sentence max.
- Every CRITICAL must have a copy-paste fix command.
- Never omit a CRITICAL finding, even if it seems minor.
- If 0 findings: state "POSTURE: GREEN — 0 critical · 0 warn" and stop.
- Do not add commentary, context, or suggestions beyond what the audit output contains.
5. Deliver the report
Choose one or more delivery targets based on user context:
Memory (default for scheduled runs):
# Append to today's memory file
echo "[audit result]" >> memory/$(date +%Y-%m-%d).md
Telegram (if BOT_TOKEN and CHAT_ID are in environment):
import os, requests
requests.post(
f"https://api.telegram.org/bot{os.getenv('TELEGRAM_BOT_TOKEN')}/sendMessage",
json={"chat_id": os.getenv('MASTER_TELEGRAM_ID'), "text": report}
)
Stdout only: print the report and exit.
Quick-fix reference
These are the most common findings and their fixes. Apply and re-run to confirm:
| Finding ID | Fix |
|---|---|
fs.config.perms_writable |
chmod 600 ~/.openclaw/openclaw.json |
skills.code_safety |
Review flagged skill source — remove if untrusted |
gateway.nodes.deny_commands_ineffective |
Update denyCommands to use exact node command IDs (e.g. canvas.present not canvas) |
gateway.sandbox_disabled |
Set sandbox.mode to "on" in openclaw.json for untrusted skill execution |
gateway.auth_missing |
Set gateway.auth.enabled: true and configure allowed origins |
Apply all CRITICAL fixes first, then re-run before addressing WARNs.
Scheduling (cron)
To run this audit automatically (e.g. daily at 04:00):
openclaw cron add --name "security-audit:daily" --cron "0 4 * * *" --prompt "Run the eva-security-audit skill and send the report to memory and Telegram."
Check scheduled jobs:
openclaw cron list
Notes
- This skill is read-only. It does not modify any config, firewall, or SSH settings.
- For
--fix(applies OpenClaw safe defaults automatically):openclaw security audit --deep --fixConfirm impact before running--fixin production. - For JSON output suitable for piping:
openclaw security audit --deep --json - For interactive OS hardening (firewall, SSH, updates): use the
healthcheckskill.
安全使用建议
This skill mostly does what it says (format OpenClaw audit output), but there are clear inconsistencies you should resolve before installing or automating it: 1) The SKILL.md asserts 'no network' and 'read-only' yet includes a Telegram POST and file-append examples—treat the Telegram path as a network behavior that requires BOT_TOKEN/CHAT_ID. 2) The metadata does not declare the TELEGRAM env vars referenced; ask the publisher to list them explicitly if you plan to use Telegram delivery. 3) The skill documents an optional `--fix` mode that can change configuration—do not run `--fix` in production without manual review. 4) If you will let agents invoke this autonomously or schedule it, restrict tokens used for Telegram and review scheduled cron jobs created by OpenClaw. 5) To gain confidence: run `openclaw security audit --deep` manually, verify outputs and suggested fixes, and only enable automated delivery (memory/Telegram/cron) after confirming behavior and updating the skill metadata to accurately declare required env vars and any write/network actions.
功能分析
Type: OpenClaw Skill
Name: eva-security-audit
Version: 1.0.1
The skill bundle contains deceptive documentation in SKILL.md that explicitly claims 'No network calls' and 'No credentials accessed' while simultaneously providing instructions and Python code to exfiltrate sensitive security audit results to Telegram using environment variables (TELEGRAM_BOT_TOKEN). This 'double-speak' is a form of prompt injection designed to mislead users or auditors about the skill's actual capabilities. While the exfiltration target is user-configured, the intentional misrepresentation of the skill's security posture and the automated transmission of critical system vulnerabilities to an external endpoint (api.telegram.org) are highly suspicious.
能力评估
Purpose & Capability
The skill claims to only run `openclaw security audit --deep` and be read-only, which matches its purpose. However, it also documents delivery via Telegram, appending to a memory file, and scheduling via `openclaw cron add` — behaviors outside a strict read-only formatter. The declared requirements list no env vars or config paths, yet the runtime instructions reference TELEGRAM_BOT_TOKEN and MASTER_TELEGRAM_ID.
Instruction Scope
SKILL.md contains contradictory statements: an explicit 'No network calls' / 'Read-only' claim, but later provides Python code that posts to Telegram (network) and shell examples that append to memory files (writes). It also instructs optional use of `--fix`, which would modify configuration if executed. The instructions therefore allow reading, writing, network I/O, and potentially config changes despite the trust claims.
Install Mechanism
Instruction-only skill with no install spec or code files. That minimizes surface area and nothing is being downloaded or installed by the skill itself.
Credentials
Metadata declares no required environment variables, but instructions reference TELEGRAM_BOT_TOKEN and MASTER_TELEGRAM_ID for delivery. That omission is inconsistent: if the skill can deliver via Telegram it should declare those env vars. No unrelated third-party credentials are requested, but the mismatch between documentation and declared requirements is concerning.
Persistence & Privilege
always:false (good) and disable-model-invocation is default (normal), but the skill guides creating scheduled cron jobs (`openclaw cron add`) and appending to memory files—both are forms of persistence. The skill also documents an optional `--fix` mode that can change system state. The SKILL.md's claim of 'read-only' conflicts with these persistent/write-capable instructions.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install eva-security-audit - 安装完成后,直接呼叫该 Skill 的名称或使用
/eva-security-audit触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
v1.0.1: Added full security transparency section — read-only, no network, no credentials, no data exfiltration. Passed OpenClaw security scan.
v1.0.0
Initial release. Non-interactive security audit skill: runs openclaw security audit --deep, formats findings as a BLUF report with GREEN/YELLOW/RED posture rating and copy-paste fixes. Designed for agents, cron, and automated briefings.
元数据
常见问题
OpenClaw Security Audit — BLUF Report 是什么?
Run a non-interactive OpenClaw security audit that produces a structured BLUF report with posture rating, ranked findings, and one-line fix commands. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 77 次。
如何安装 OpenClaw Security Audit — BLUF Report?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install eva-security-audit」即可一键安装,无需额外配置。
OpenClaw Security Audit — BLUF Report 是免费的吗?
是的,OpenClaw Security Audit — BLUF Report 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
OpenClaw Security Audit — BLUF Report 支持哪些平台?
OpenClaw Security Audit — BLUF Report 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OpenClaw Security Audit — BLUF Report?
由 infectit007(@infectit007)开发并维护,当前版本 v1.0.1。
推荐 Skills