{
  "schemaVersion": "1.0",
  "item": {
    "slug": "openclaw-audit-watchdog",
    "name": "openclaw-audit-watchdog",
    "source": "tencent",
    "type": "skill",
    "category": "Security and Compliance",
    "sourceUrl": "https://clawhub.ai/davida-ps/openclaw-audit-watchdog",
    "canonicalUrl": "https://clawhub.ai/davida-ps/openclaw-audit-watchdog",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/openclaw-audit-watchdog",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=openclaw-audit-watchdog",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      "CHANGELOG.md",
      "README.md",
      "SKILL.md",
      "examples/README.md",
      "examples/security-audit-config.example.json",
      "scripts/codex_review.sh"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-23T16:43:11.935Z",
      "expiresAt": "2026-04-30T16:43:11.935Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
        "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/openclaw-audit-watchdog"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/openclaw-audit-watchdog",
    "agentPageUrl": "https://openagent3.xyz/skills/openclaw-audit-watchdog/agent",
    "manifestUrl": "https://openagent3.xyz/skills/openclaw-audit-watchdog/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/openclaw-audit-watchdog/agent.md"
  },
  "agentAssist": {
    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "Installation Options",
        "body": "You can get openclaw-audit-watchdog in two ways:"
      },
      {
        "title": "Option A: Bundled with ClawSec Suite (Recommended)",
        "body": "If you've installed clawsec-suite, you may already have this!\n\nOpenclaw-audit-watchdog is bundled alongside ClawSec Suite to provide crucial automated security audit capabilities. When you install the suite, if you don't already have the audit watchdog installed, it will be deployed from the bundled copy.\n\nAdvantages:\n\nConvenient - no separate download needed\nStandard location - installed to ~/.openclaw/skills/openclaw-audit-watchdog/\nPreserved - if you already have audit watchdog installed, it won't be overwritten\nSingle verification - integrity checked as part of suite package"
      },
      {
        "title": "Option B: Standalone Installation (This Page)",
        "body": "Install openclaw-audit-watchdog independently without the full suite.\n\nWhen to use standalone:\n\nYou only need the audit watchdog (not other suite components)\nYou want to install before installing the suite\nYou prefer explicit control over audit watchdog installation\n\nAdvantages:\n\nLighter weight installation\nIndependent from suite\nDirect control over installation process\n\nContinue below for standalone installation instructions."
      },
      {
        "title": "Goal",
        "body": "Create (or update) a daily cron job that:\n\nRuns:\n\nopenclaw security audit --json\nopenclaw security audit --deep --json\n\nSummarizes findings (critical/warn/info + top findings)\n\n\nSends the report to:\n\na user-selected DM target (channel + recipient id/handle)\n\nDefault schedule: daily at 23:00 (11pm) in the chosen timezone.\n\nDelivery:\n\nDM to last active session"
      },
      {
        "title": "Example 1: Quick Start (Environment Variables)",
        "body": "For automated/MDM deployments, set environment variables before invoking:\n\nexport PROMPTSEC_DM_CHANNEL=\"telegram\"\nexport PROMPTSEC_DM_TO=\"@yourhandle\"\nexport PROMPTSEC_TZ=\"America/New_York\"\nexport PROMPTSEC_HOST_LABEL=\"prod-server-01\"\n\n# Then invoke the skill\n/openclaw-audit-watchdog\n\nThe skill will automatically configure and create the cron job without prompts."
      },
      {
        "title": "Example 2: Interactive Setup",
        "body": "If environment variables aren't set, the skill will prompt minimally:\n\nUser: /openclaw-audit-watchdog\n\nAgent: Setting up daily security audit watchdog...\n       What channel should I use for delivery? (e.g., telegram, slack)\nUser: telegram\n\nAgent: What's the recipient ID or handle?\nUser: @myhandle\n\nAgent: Which timezone for the 23:00 daily run? (default: UTC)\nUser: America/Los_Angeles\n\nAgent: ✓ Created cron job \"Daily security audit (Prompt Security)\"\n       Schedule: Daily at 23:00 America/Los_Angeles\n       Delivery: telegram → @myhandle"
      },
      {
        "title": "Example 3: Updating Existing Job",
        "body": "If a job already exists, the skill updates it instead of creating duplicates:\n\nUser: /openclaw-audit-watchdog\n\nAgent: Found existing \"Daily security audit (Prompt Security)\" job.\n       Current: Daily at 23:00 UTC → telegram:@oldhandle\n\n       Update delivery target? (current: telegram:@oldhandle)\nUser: slack:#security-alerts\n\nAgent: ✓ Updated cron job\n       Schedule: Daily at 23:00 UTC\n       Delivery: slack:#security-alerts"
      },
      {
        "title": "Example 4: What Gets Delivered",
        "body": "Each day at the scheduled time, you'll receive a report like:\n\n🔭 Daily Security Audit Report\nHost: prod-server-01\nTime: 2026-02-16 23:00:00 America/New_York\n\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\nSUMMARY\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n✓ Standard Audit: 12 checks passed, 2 warnings\n✓ Deep Audit: 8 probes passed, 1 critical\n\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\nCRITICAL FINDINGS\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n[CRIT-001] Unencrypted API Keys Detected\n→ Remediation: Move credentials to encrypted vault or use environment variables\n\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\nWARNINGS\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n[WARN-003] Outdated Dependencies Found\n→ Remediation: Run `openclaw security audit --fix` to update\n\n[WARN-007] Weak Permission on Config File\n→ Remediation: chmod 600 ~/.openclaw/config.json\n\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\nRun `openclaw security audit --deep` for full details."
      },
      {
        "title": "Example 5: Custom Schedule",
        "body": "Want a different schedule? Set it before invoking:\n\n# Run every 6 hours instead of daily\nexport PROMPTSEC_SCHEDULE=\"0 */6 * * *\"\n/openclaw-audit-watchdog"
      },
      {
        "title": "Example 6: Multiple Environments",
        "body": "For managing multiple servers, use different host labels:\n\n# On dev server\nexport PROMPTSEC_HOST_LABEL=\"dev-01\"\nexport PROMPTSEC_DM_TO=\"@dev-team\"\n/openclaw-audit-watchdog\n\n# On prod server\nexport PROMPTSEC_HOST_LABEL=\"prod-01\"\nexport PROMPTSEC_DM_TO=\"@oncall\"\n/openclaw-audit-watchdog\n\nEach will send reports with clear host identification."
      },
      {
        "title": "Example 7: Suppressing Known Findings",
        "body": "To suppress audit findings that have been reviewed and accepted, pass the --enable-suppressions flag and ensure the config file includes the \"enabledFor\": [\"audit\"] sentinel:\n\n# Create or edit the suppression config\ncat > ~/.openclaw/security-audit.json <<'JSON'\n{\n  \"enabledFor\": [\"audit\"],\n  \"suppressions\": [\n    {\n      \"checkId\": \"skills.code_safety\",\n      \"skill\": \"clawsec-suite\",\n      \"reason\": \"First-party security tooling — reviewed by security team\",\n      \"suppressedAt\": \"2026-02-15\"\n    }\n  ]\n}\nJSON\n\n# Run with suppressions enabled\n/openclaw-audit-watchdog --enable-suppressions\n\nSuppressed findings still appear in the report under an informational section but are excluded from critical/warning totals."
      },
      {
        "title": "Suppression / Allowlist",
        "body": "The audit pipeline supports an opt-in suppression mechanism for managing reviewed findings. Suppression uses defense-in-depth activation: two independent gates must both be satisfied."
      },
      {
        "title": "Activation Requirements",
        "body": "CLI flag: The --enable-suppressions flag must be passed at invocation.\nConfig sentinel: The configuration file must include \"enabledFor\" with \"audit\" in the array.\n\nIf either gate is absent, all findings are reported normally and the suppression list is ignored."
      },
      {
        "title": "Config File Resolution (4-tier)",
        "body": "Explicit --config <path> argument\nOPENCLAW_AUDIT_CONFIG environment variable\n~/.openclaw/security-audit.json\n.clawsec/allowlist.json"
      },
      {
        "title": "Config Format",
        "body": "{\n  \"enabledFor\": [\"audit\"],\n  \"suppressions\": [\n    {\n      \"checkId\": \"skills.code_safety\",\n      \"skill\": \"clawsec-suite\",\n      \"reason\": \"First-party security tooling — reviewed by security team\",\n      \"suppressedAt\": \"2026-02-15\"\n    }\n  ]\n}"
      },
      {
        "title": "Sentinel Semantics",
        "body": "\"enabledFor\": [\"audit\"] -- audit suppression active (requires --enable-suppressions flag too)\n\"enabledFor\": [\"advisory\"] -- only advisory pipeline suppression (no effect on audit)\n\"enabledFor\": [\"audit\", \"advisory\"] -- both pipelines honor suppressions\nMissing or empty enabledFor -- no suppression active (safe default)"
      },
      {
        "title": "Matching Rules",
        "body": "checkId: exact match against the audit finding's check identifier (e.g., skills.code_safety)\nskill: case-insensitive match against the skill name from the finding\nBoth fields must match for a finding to be suppressed"
      },
      {
        "title": "Installation flow (interactive)",
        "body": "Provisioning (MDM-friendly): prefer environment variables (no prompts).\n\nRequired env:\n\nPROMPTSEC_DM_CHANNEL (e.g. telegram)\nPROMPTSEC_DM_TO (recipient id)\n\nOptional env:\n\nPROMPTSEC_TZ (IANA timezone; default UTC)\nPROMPTSEC_HOST_LABEL (label included in report; default uses hostname)\nPROMPTSEC_INSTALL_DIR (stable path used by cron payload to cd before running runner; default: ~/.config/security-checkup)\nPROMPTSEC_GIT_PULL=1 (runner will git pull --ff-only if installed from git)\n\nPath expansion rules (important):\n\nIn bash/zsh, use PROMPTSEC_INSTALL_DIR=\"$HOME/.config/security-checkup\" (or absolute path).\nDo not pass a single-quoted literal like '$HOME/.config/security-checkup'.\nOn PowerShell, prefer: $env:PROMPTSEC_INSTALL_DIR = Join-Path $HOME \".config/security-checkup\".\nIf path resolution fails, setup now exits with a clear error instead of creating a literal $HOME directory segment.\n\nInteractive install is a last resort if env vars or defaults are not set.\n\nEven in that case, keep prompts minimal: the watchdog tool comes pretty much configured out of the box."
      },
      {
        "title": "Create the cron job",
        "body": "Use the cron tool to create a job with:\n\nschedule.kind=\"cron\"\nschedule.expr=\"0 23 * * *\"\nschedule.tz=<installer tz>\nsessionTarget=\"isolated\"\nwakeMode=\"now\"\npayload.kind=\"agentTurn\"\npayload.deliver=true"
      },
      {
        "title": "Payload message template (agentTurn)",
        "body": "Create the job with a payload message that instructs the isolated run to:\n\nRun the audits\n\nPrefer JSON output for robust parsing:\n\nopenclaw security audit --json\nopenclaw security audit --deep --json\n\nRender a concise text report:\n\nInclude:\n\nTimestamp + host identifier if available\nSummary counts\nFor each CRITICAL/WARN: checkId + title + 1-line remediation\nIf deep probe fails: include the probe error line\n\nDeliver the report:\n\nDM to the chosen user target using message tool"
      },
      {
        "title": "Email delivery requirement",
        "body": "Attempt email delivery in this priority order:\n\nA) If an email channel plugin exists in this deployment, use:\n\nmessage(action=\"send\", channel=\"email\", target=\"target@example.com\", message=<report>)\n\nB) Otherwise, fall back to local sendmail if available:\n\nexec with: printf \"%s\" \"$REPORT\" | /usr/sbin/sendmail -t (construct To/Subject headers)\n\nIf neither path is possible, still DM the user and include a line:\n\n\"NOTE: could not deliver to target@example.com (email channel not configured)\""
      },
      {
        "title": "Idempotency / updates",
        "body": "Before adding a new job:\n\ncron.list(includeDisabled=true)\nIf a job with name matching \"Daily security audit\" exists, update it instead of adding a duplicate:\n\nadjust schedule tz/expr\nadjust DM target"
      },
      {
        "title": "Suggested naming",
        "body": "Job name: \"Daily security audit (Prompt Security)\""
      },
      {
        "title": "Minimal recommended defaults (do not auto-change config)",
        "body": "The cron’s report should suggest fixes but must not apply them.\n\nDo not run openclaw security audit --fix unless explicitly asked."
      }
    ],
    "body": "Prompt Security Audit (openclaw)\nInstallation Options\n\nYou can get openclaw-audit-watchdog in two ways:\n\nOption A: Bundled with ClawSec Suite (Recommended)\n\nIf you've installed clawsec-suite, you may already have this!\n\nOpenclaw-audit-watchdog is bundled alongside ClawSec Suite to provide crucial automated security audit capabilities. When you install the suite, if you don't already have the audit watchdog installed, it will be deployed from the bundled copy.\n\nAdvantages:\n\nConvenient - no separate download needed\nStandard location - installed to ~/.openclaw/skills/openclaw-audit-watchdog/\nPreserved - if you already have audit watchdog installed, it won't be overwritten\nSingle verification - integrity checked as part of suite package\nOption B: Standalone Installation (This Page)\n\nInstall openclaw-audit-watchdog independently without the full suite.\n\nWhen to use standalone:\n\nYou only need the audit watchdog (not other suite components)\nYou want to install before installing the suite\nYou prefer explicit control over audit watchdog installation\n\nAdvantages:\n\nLighter weight installation\nIndependent from suite\nDirect control over installation process\n\nContinue below for standalone installation instructions.\n\nGoal\n\nCreate (or update) a daily cron job that:\n\nRuns:\nopenclaw security audit --json\nopenclaw security audit --deep --json\n\nSummarizes findings (critical/warn/info + top findings)\n\nSends the report to:\n\na user-selected DM target (channel + recipient id/handle)\n\nDefault schedule: daily at 23:00 (11pm) in the chosen timezone.\n\nDelivery:\n\nDM to last active session\nUsage Examples\nExample 1: Quick Start (Environment Variables)\n\nFor automated/MDM deployments, set environment variables before invoking:\n\nexport PROMPTSEC_DM_CHANNEL=\"telegram\"\nexport PROMPTSEC_DM_TO=\"@yourhandle\"\nexport PROMPTSEC_TZ=\"America/New_York\"\nexport PROMPTSEC_HOST_LABEL=\"prod-server-01\"\n\n# Then invoke the 
skill\n/openclaw-audit-watchdog\n\n\nThe skill will automatically configure and create the cron job without prompts.\n\nExample 2: Interactive Setup\n\nIf environment variables aren't set, the skill will prompt minimally:\n\nUser: /openclaw-audit-watchdog\n\nAgent: Setting up daily security audit watchdog...\n       What channel should I use for delivery? (e.g., telegram, slack)\nUser: telegram\n\nAgent: What's the recipient ID or handle?\nUser: @myhandle\n\nAgent: Which timezone for the 23:00 daily run? (default: UTC)\nUser: America/Los_Angeles\n\nAgent: ✓ Created cron job \"Daily security audit (Prompt Security)\"\n       Schedule: Daily at 23:00 America/Los_Angeles\n       Delivery: telegram → @myhandle\n\nExample 3: Updating Existing Job\n\nIf a job already exists, the skill updates it instead of creating duplicates:\n\nUser: /openclaw-audit-watchdog\n\nAgent: Found existing \"Daily security audit (Prompt Security)\" job.\n       Current: Daily at 23:00 UTC → telegram:@oldhandle\n\n       Update delivery target? 
(current: telegram:@oldhandle)\nUser: slack:#security-alerts\n\nAgent: ✓ Updated cron job\n       Schedule: Daily at 23:00 UTC\n       Delivery: slack:#security-alerts\n\nExample 4: What Gets Delivered\n\nEach day at the scheduled time, you'll receive a report like:\n\n🔭 Daily Security Audit Report\nHost: prod-server-01\nTime: 2026-02-16 23:00:00 America/New_York\n\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\nSUMMARY\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n✓ Standard Audit: 12 checks passed, 2 warnings\n✓ Deep Audit: 8 probes passed, 1 critical\n\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\nCRITICAL FINDINGS\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n[CRIT-001] Unencrypted API Keys Detected\n→ Remediation: Move credentials to encrypted vault or use environment variables\n\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\nWARNINGS\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n[WARN-003] Outdated Dependencies Found\n→ Remediation: Run `openclaw security audit --fix` to update\n\n[WARN-007] Weak Permission on Config File\n→ Remediation: chmod 600 ~/.openclaw/config.json\n\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\nRun `openclaw security audit --deep` for full details.\n\nExample 5: Custom Schedule\n\nWant a different schedule? 
Set it before invoking:\n\n# Run every 6 hours instead of daily\nexport PROMPTSEC_SCHEDULE=\"0 */6 * * *\"\n/openclaw-audit-watchdog\n\nExample 6: Multiple Environments\n\nFor managing multiple servers, use different host labels:\n\n# On dev server\nexport PROMPTSEC_HOST_LABEL=\"dev-01\"\nexport PROMPTSEC_DM_TO=\"@dev-team\"\n/openclaw-audit-watchdog\n\n# On prod server\nexport PROMPTSEC_HOST_LABEL=\"prod-01\"\nexport PROMPTSEC_DM_TO=\"@oncall\"\n/openclaw-audit-watchdog\n\n\nEach will send reports with clear host identification.\n\nExample 7: Suppressing Known Findings\n\nTo suppress audit findings that have been reviewed and accepted, pass the --enable-suppressions flag and ensure the config file includes the \"enabledFor\": [\"audit\"] sentinel:\n\n# Create or edit the suppression config\ncat > ~/.openclaw/security-audit.json <<'JSON'\n{\n  \"enabledFor\": [\"audit\"],\n  \"suppressions\": [\n    {\n      \"checkId\": \"skills.code_safety\",\n      \"skill\": \"clawsec-suite\",\n      \"reason\": \"First-party security tooling — reviewed by security team\",\n      \"suppressedAt\": \"2026-02-15\"\n    }\n  ]\n}\nJSON\n\n# Run with suppressions enabled\n/openclaw-audit-watchdog --enable-suppressions\n\n\nSuppressed findings still appear in the report under an informational section but are excluded from critical/warning totals.\n\nSuppression / Allowlist\n\nThe audit pipeline supports an opt-in suppression mechanism for managing reviewed findings. 
Suppression uses defense-in-depth activation: two independent gates must both be satisfied.\n\nActivation Requirements\nCLI flag: The --enable-suppressions flag must be passed at invocation.\nConfig sentinel: The configuration file must include \"enabledFor\" with \"audit\" in the array.\n\nIf either gate is absent, all findings are reported normally and the suppression list is ignored.\n\nConfig File Resolution (4-tier)\nExplicit --config <path> argument\nOPENCLAW_AUDIT_CONFIG environment variable\n~/.openclaw/security-audit.json\n.clawsec/allowlist.json\nConfig Format\n{\n  \"enabledFor\": [\"audit\"],\n  \"suppressions\": [\n    {\n      \"checkId\": \"skills.code_safety\",\n      \"skill\": \"clawsec-suite\",\n      \"reason\": \"First-party security tooling — reviewed by security team\",\n      \"suppressedAt\": \"2026-02-15\"\n    }\n  ]\n}\n\nSentinel Semantics\n\"enabledFor\": [\"audit\"] -- audit suppression active (requires --enable-suppressions flag too)\n\"enabledFor\": [\"advisory\"] -- only advisory pipeline suppression (no effect on audit)\n\"enabledFor\": [\"audit\", \"advisory\"] -- both pipelines honor suppressions\nMissing or empty enabledFor -- no suppression active (safe default)\nMatching Rules\ncheckId: exact match against the audit finding's check identifier (e.g., skills.code_safety)\nskill: case-insensitive match against the skill name from the finding\nBoth fields must match for a finding to be suppressed\nInstallation flow (interactive)\n\nProvisioning (MDM-friendly): prefer environment variables (no prompts).\n\nRequired env:\n\nPROMPTSEC_DM_CHANNEL (e.g. 
telegram)\nPROMPTSEC_DM_TO (recipient id)\n\nOptional env:\n\nPROMPTSEC_TZ (IANA timezone; default UTC)\nPROMPTSEC_HOST_LABEL (label included in report; default uses hostname)\nPROMPTSEC_INSTALL_DIR (stable path used by cron payload to cd before running runner; default: ~/.config/security-checkup)\nPROMPTSEC_GIT_PULL=1 (runner will git pull --ff-only if installed from git)\n\nPath expansion rules (important):\n\nIn bash/zsh, use PROMPTSEC_INSTALL_DIR=\"$HOME/.config/security-checkup\" (or absolute path).\nDo not pass a single-quoted literal like '$HOME/.config/security-checkup'.\nOn PowerShell, prefer: $env:PROMPTSEC_INSTALL_DIR = Join-Path $HOME \".config/security-checkup\".\nIf path resolution fails, setup now exits with a clear error instead of creating a literal $HOME directory segment.\n\nInteractive install is a last resort if env vars or defaults are not set.\n\nEven in that case, keep prompts minimal: the watchdog tool comes pretty much configured out of the box.\n\nCreate the cron job\n\nUse the cron tool to create a job with:\n\nschedule.kind=\"cron\"\nschedule.expr=\"0 23 * * *\"\nschedule.tz=<installer tz>\nsessionTarget=\"isolated\"\nwakeMode=\"now\"\npayload.kind=\"agentTurn\"\npayload.deliver=true\nPayload message template (agentTurn)\n\nCreate the job with a payload message that instructs the isolated run to:\n\nRun the audits\nPrefer JSON output for robust parsing:\nopenclaw security audit --json\nopenclaw security audit --deep --json\nRender a concise text report:\n\nInclude:\n\nTimestamp + host identifier if available\nSummary counts\nFor each CRITICAL/WARN: checkId + title + 1-line remediation\nIf deep probe fails: include the probe error line\nDeliver the report:\nDM to the chosen user target using message tool\nEmail delivery requirement\n\nAttempt email delivery in this priority order:\n\nA) If an email channel plugin exists in this deployment, use:\n\nmessage(action=\"send\", channel=\"email\", target=\"target@example.com\", 
message=<report>)\n\nB) Otherwise, fall back to local sendmail if available:\n\nexec with: printf \"%s\" \"$REPORT\" | /usr/sbin/sendmail -t (construct To/Subject headers)\n\nIf neither path is possible, still DM the user and include a line:\n\n\"NOTE: could not deliver to target@example.com (email channel not configured)\"\nIdempotency / updates\n\nBefore adding a new job:\n\ncron.list(includeDisabled=true)\nIf a job with name matching \"Daily security audit\" exists, update it instead of adding a duplicate:\nadjust schedule tz/expr\nadjust DM target\nSuggested naming\nJob name: \"Daily security audit (Prompt Security)\"\nMinimal recommended defaults (do not auto-change config)\n\nThe cron’s report should suggest fixes but must not apply them.\n\nDo not run openclaw security audit --fix unless explicitly asked."
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/davida-ps/openclaw-audit-watchdog",
    "publisherUrl": "https://clawhub.ai/davida-ps/openclaw-audit-watchdog",
    "owner": "davida-ps",
    "version": "0.1.1",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/openclaw-audit-watchdog",
    "downloadUrl": "https://openagent3.xyz/downloads/openclaw-audit-watchdog",
    "agentUrl": "https://openagent3.xyz/skills/openclaw-audit-watchdog/agent",
    "manifestUrl": "https://openagent3.xyz/skills/openclaw-audit-watchdog/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/openclaw-audit-watchdog/agent.md"
  }
}