← All skills

Tencent SkillHub · Security & Compliance

OpenClaw Security Auditor

Audit OpenClaw configuration for security risks and generate a remediation report using the user's configured LLM.

skill openclawclawhub Free

0 Downloads

0 Stars

0 Installs

0 Score

High Signal

Audit OpenClaw configuration for security risks and generate a remediation report using the user's configured LLM.

⬇ 0 downloads ★ 0 stars Unverified but indexed

Install for OpenClaw

Quick setup

Download the package from Yavira.
Extract the archive and review SKILL.md first.
Import or place the package into your OpenClaw setup.

Requirements

Target platform: OpenClaw
Install method: Manual import
Extraction: Extract archive
Prerequisites: OpenClaw
Primary doc: SKILL.md

Package facts

Download mode: Yavira redirect
Package format: ZIP package
Source platform: Tencent SkillHub
What's included: CHANGELOG.md, SKILL.md, CONTRIBUTING.md, README.md, docs/SECURITY-CHECKS.md, docs/USAGE.md

Validation

Use the Yavira download entry.
Review SKILL.md after the package is downloaded.
Confirm the extracted package contains the expected setup assets.

Install with your agent

Agent handoff

Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.

Download the package from Yavira.
Extract it into a folder your agent can access.
Paste one of the prompts below and point your agent at the extracted folder.

New install

I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.

Upgrade existing

I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.

Open Send to Agent page Open JSON manifest Open Markdown brief

Trust & source

Release facts

Source: Tencent SkillHub
Verification: Indexed source record
Version: 1.0.0

Provenance

Publisher: Muhammad-Waleed381
Source page: View original listing
Canonical URL: Open canonical page

Documentation

ClawHub primary doc Primary doc: SKILL.md 11 sections Open source page

OpenClaw Security Audit Skill

Local-only skill that audits ~/.openclaw/openclaw.json, runs 15+ security checks, and generates a detailed report using the user's existing LLM configuration. No external APIs or keys required.

When to Use This Skill

The user asks for a security audit of their OpenClaw instance. The user wants a remediation checklist for configuration risks. The user is preparing an OpenClaw deployment and wants a hardening review.

How It Works

Read config with standard tools (cat, jq). Extract security-relevant settings (NEVER actual secrets). Build a structured findings object with metadata only. Pass findings to the user's LLM via OpenClaw's normal agent flow. Generate a markdown report with severity ratings and fixes.

Inputs

target_config_path (optional): Path to OpenClaw config file. default: ~/.openclaw/openclaw.json

Outputs

Markdown report including: Overall risk score (0-100) Findings categorized by severity (Critical/High/Medium/Low) Each finding with description, why it matters, how to fix, example config Prioritized remediation roadmap

Security Checks (15+)

API keys hardcoded in config (vs environment variables) Weak or missing gateway authentication tokens Unsafe gateway.bind settings (0.0.0.0 without proper auth) Missing channel access controls (allowFrom not set) Unsafe tool policies (elevated tools without restrictions) Sandbox disabled when it should be enabled Missing rate limits on channels Secrets potentially exposed in logs Outdated OpenClaw version Insecure WhatsApp configuration Insecure Telegram configuration Insecure Discord configuration Missing audit logging for privileged actions Overly permissive file system access scopes Unrestricted webhook endpoints Insecure default admin credentials

Data Handling Rules

Strip all secrets before analysis. Only report metadata such as present/missing/configured. Do not log or emit actual key values. Use local-only execution; no network calls.

Example Findings Object (Redacted)

{ "config_path": "~/.openclaw/openclaw.json", "openclaw_version": "present", "gateway": { "bind": "0.0.0.0", "auth_token": "missing" }, "channels": { "allowFrom": "missing", "rate_limits": "missing" }, "secrets": { "hardcoded": "detected" }, "tool_policies": { "elevated": "unrestricted" } }

Report Format

The report must include: Overall risk score (0-100) Severity buckets: Critical, High, Medium, Low Each finding: description, why it matters, how to fix, example config Prioritized remediation roadmap

Skill Flow (Pseudo)

read_config_path = input.target_config_path || ~/.openclaw/openclaw.json raw_config = cat(read_config_path) json = jq parse raw_config metadata = extract_security_metadata(json) findings = build_findings(metadata) report = openclaw.agent.analyze(findings, format=markdown) return report

Notes

Uses the user's existing OpenClaw LLM configuration (Opus, GPT, Gemini, and local models). No external APIs or special model access are required.

Category context

Identity, auth, scanning, governance, audit, and operational guardrails.

Source: Tencent SkillHub

Largest current source with strong distribution and engagement signals.

Package contents

Included in package

6 Docs

SKILL.md Primary doc
CHANGELOG.md Docs
CONTRIBUTING.md Docs
docs/SECURITY-CHECKS.md Docs
docs/USAGE.md Docs
README.md Docs