OpenClaw Security Audit
v1.0.0
Description
name: openclaw-security
description: OpenClaw security audit and hardening. Use when the user asks for security audits, firewall/SSH/update hardening, risk posture, exposure review, OpenClaw cron scheduling for periodic checks, or version status checks on a machine running OpenClaw (laptop, workstation, Pi, VPS). Covers environment isolation, privilege checks, port exposure, skill trust sources, version checks, process monitoring, sensitive directory changes, cron jobs, SSH audits, file integrity baselines, yellow-line operation audits, disk usage, environment variable leaks, DLP scanning, skill/MCP integrity, and disaster recovery backups.
OpenClaw Security Audit
Comprehensive security auditing for OpenClaw deployments. This skill performs automated security checks and generates reports.
Quick Start
Run the security audit script:
python3 scripts/openclaw_security_audit.py
This generates:
- Brief summary printed to stdout
- Detailed report saved to /tmp/openclaw-security-reports/report-{DATE}.txt
What It Checks
| Check | Description |
|---|---|
| Environment Isolation | Detects Docker/container/VM environments |
| Privilege Check | Verifies OpenClaw isn't running as root |
| Port Exposure | Checks if Gateway port 18789 is exposed |
| Skill Trust | Lists installed skills and their sources |
| Version Check | Compares current vs latest OpenClaw version |
| Process & Network | Captures listening ports and top processes |
| Sensitive Directories | Counts file changes in /etc, ~/.ssh, etc. |
| System Cron | Lists system timers and cron jobs |
| OpenClaw Cron | Retrieves internal OpenClaw scheduled tasks |
| SSH Audit | Recent logins and failed SSH attempts |
| File Integrity | SHA256 hash and permission checks |
| Yellow Line Audit | Compares sudo logs with memory records |
| Disk Usage | Root partition usage and large files |
| Environment Variables | Scans Gateway process for sensitive vars |
| DLP Scan | Detects plaintext private keys/mnemonics |
| Skill/MCP Integrity | Tracks file hash changes over time |
| Disaster Recovery | Auto-commits OpenClaw state to Git |
Output Format
Brief Format (stdout)
OpenClaw Daily Security Brief (2026-03-11)
[OK] Environment Isolation: Running in isolated environment
[OK] Privilege Check: Complies with least privilege principle
[WARNING] Port Exposure: Port 18789 listening on all interfaces, recommend binding to 127.0.0.1
...
Warning Items:
[WARNING] Port Exposure: Port 18789 listening on all interfaces, recommend binding to 127.0.0.1
Detailed Report
Full report saved to /tmp/openclaw-security-reports/report-{DATE}.txt
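The Port Exposure warning shown above can be reproduced by hand. The following is an added example, not code from this skill's audit script: it classifies the bind address of every listener on the Gateway port. It assumes the input has the column layout of `ss -ltnH`; the sample lines and the function names are constructed for illustration.

```python
import ipaddress

GATEWAY_PORT = 18789  # Gateway port named on this page

# Constructed sample in the layout of `ss -ltnH` (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 *:18789 *:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 511 [::1]:18789 [::]:*
"""

def split_local(field):
    """Split the 'Local Address:Port' column into (host, port) strings."""
    host, _, port = field.rpartition(":")
    # Drop IPv6 brackets and any %interface scope suffix.
    return host.strip("[]").split("%", 1)[0], port

def classify(host):
    """Return 'loopback', 'all-interfaces' or 'specific-address'."""
    if host == "*":  # dual-stack wildcard as printed by ss
        return "all-interfaces"
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if addr.is_loopback else "specific-address"

def audit_port(ss_output, port=GATEWAY_PORT):
    """Return (status, findings) covering every listener on `port`."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, local_port = split_local(fields[3])
        if local_port == str(port):
            findings.append((host, classify(host)))
    if not findings:
        return "NOT_LISTENING", findings
    # Any listener that is not loopback-only is reachable from other hosts.
    exposed = [f for f in findings if f[1] != "loopback"]
    return ("WARNING" if exposed else "OK"), findings

if __name__ == "__main__":
    status, findings = audit_port(SAMPLE_SS_OUTPUT)
    print(f"[{status}] Port Exposure: {findings}")
```

A loopback listener on `::1` does not clear the warning when a second socket on the same port is bound to a wildcard address, which is why every matching line is collected before the status is decided.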
Environment Variables
For Telegram notifications, set:
- TELEGRAM_BOT_TOKEN - Bot token for sending reports
- TELEGRAM_CHAT_ID - Chat ID to receive notifications
Scheduling
To run daily via OpenClaw cron:
openclaw cron add --name "daily-security-audit" --schedule "0 9 * * *" --command "python3 ~/.openclaw/workspace/skills/openclaw-security/scripts/openclaw_security_audit.py"