{
  "schemaVersion": "1.0",
  "item": {
    "slug": "openclaw-security-auditor",
    "name": "OpenClaw Security Auditor",
    "source": "tencent",
    "type": "skill",
    "category": "Security & Compliance",
    "sourceUrl": "https://clawhub.ai/Muhammad-Waleed381/openclaw-security-auditor",
    "canonicalUrl": "https://clawhub.ai/Muhammad-Waleed381/openclaw-security-auditor",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/openclaw-security-auditor",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=openclaw-security-auditor",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      "CHANGELOG.md",
      "SKILL.md",
      "CONTRIBUTING.md",
      "README.md",
      "docs/SECURITY-CHECKS.md",
      "docs/USAGE.md"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-23T16:43:11.935Z",
      "expiresAt": "2026-04-30T16:43:11.935Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
        "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/openclaw-security-auditor"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/openclaw-security-auditor",
    "agentPageUrl": "https://openagent3.xyz/skills/openclaw-security-auditor/agent",
    "manifestUrl": "https://openagent3.xyz/skills/openclaw-security-auditor/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/openclaw-security-auditor/agent.md"
  },
  "agentAssist": {
    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "OpenClaw Security Audit Skill",
        "body": "Local-only skill that audits ~/.openclaw/openclaw.json, runs 15+ security checks, and generates a detailed report using the user's existing LLM configuration. No external APIs or keys required."
      },
      {
        "title": "When to Use This Skill",
        "body": "The user asks for a security audit of their OpenClaw instance.\nThe user wants a remediation checklist for configuration risks.\nThe user is preparing an OpenClaw deployment and wants a hardening review."
      },
      {
        "title": "How It Works",
        "body": "Read config with standard tools (cat, jq).\nExtract security-relevant settings (NEVER actual secrets).\nBuild a structured findings object with metadata only.\nPass findings to the user's LLM via OpenClaw's normal agent flow.\nGenerate a markdown report with severity ratings and fixes."
      },
      {
        "title": "Inputs",
        "body": "target_config_path (optional): Path to OpenClaw config file.\n\ndefault: ~/.openclaw/openclaw.json"
      },
      {
        "title": "Outputs",
        "body": "Markdown report including:\n\nOverall risk score (0-100)\nFindings categorized by severity (Critical/High/Medium/Low)\nEach finding with description, why it matters, how to fix, example config\nPrioritized remediation roadmap"
      },
      {
        "title": "Security Checks (15+)",
        "body": "API keys hardcoded in config (vs environment variables)\nWeak or missing gateway authentication tokens\nUnsafe gateway.bind settings (0.0.0.0 without proper auth)\nMissing channel access controls (allowFrom not set)\nUnsafe tool policies (elevated tools without restrictions)\nSandbox disabled when it should be enabled\nMissing rate limits on channels\nSecrets potentially exposed in logs\nOutdated OpenClaw version\nInsecure WhatsApp configuration\nInsecure Telegram configuration\nInsecure Discord configuration\nMissing audit logging for privileged actions\nOverly permissive file system access scopes\nUnrestricted webhook endpoints\nInsecure default admin credentials"
      },
      {
        "title": "Data Handling Rules",
        "body": "Strip all secrets before analysis.\nOnly report metadata such as present/missing/configured.\nDo not log or emit actual key values.\nUse local-only execution; no network calls."
      },
      {
        "title": "Example Findings Object (Redacted)",
        "body": "{\n  \"config_path\": \"~/.openclaw/openclaw.json\",\n  \"openclaw_version\": \"present\",\n  \"gateway\": {\n    \"bind\": \"0.0.0.0\",\n    \"auth_token\": \"missing\"\n  },\n  \"channels\": {\n    \"allowFrom\": \"missing\",\n    \"rate_limits\": \"missing\"\n  },\n  \"secrets\": {\n    \"hardcoded\": \"detected\"\n  },\n  \"tool_policies\": {\n    \"elevated\": \"unrestricted\"\n  }\n}"
      },
      {
        "title": "Report Format",
        "body": "The report must include:\n\nOverall risk score (0-100)\nSeverity buckets: Critical, High, Medium, Low\nEach finding: description, why it matters, how to fix, example config\nPrioritized remediation roadmap"
      },
      {
        "title": "Skill Flow (Pseudo)",
        "body": "read_config_path = input.target_config_path || ~/.openclaw/openclaw.json\nraw_config = cat(read_config_path)\njson = jq parse raw_config\nmetadata = extract_security_metadata(json)\nfindings = build_findings(metadata)\nreport = openclaw.agent.analyze(findings, format=markdown)\nreturn report"
      },
      {
        "title": "Notes",
        "body": "Uses the user's existing OpenClaw LLM configuration (Opus, GPT, Gemini, and local models).\nNo external APIs or special model access are required."
      }
    ],
    "body": "OpenClaw Security Audit Skill\n\nLocal-only skill that audits ~/.openclaw/openclaw.json, runs 15+ security checks, and generates a detailed report using the user's existing LLM configuration. No external APIs or keys required.\n\nWhen to Use This Skill\n\nThe user asks for a security audit of their OpenClaw instance.\nThe user wants a remediation checklist for configuration risks.\nThe user is preparing an OpenClaw deployment and wants a hardening review.\n\nHow It Works\n\nRead config with standard tools (cat, jq).\nExtract security-relevant settings (NEVER actual secrets).\nBuild a structured findings object with metadata only.\nPass findings to the user's LLM via OpenClaw's normal agent flow.\nGenerate a markdown report with severity ratings and fixes.\n\nInputs\n\ntarget_config_path (optional): Path to OpenClaw config file.\ndefault: ~/.openclaw/openclaw.json\n\nOutputs\n\nMarkdown report including:\nOverall risk score (0-100)\nFindings categorized by severity (Critical/High/Medium/Low)\nEach finding with description, why it matters, how to fix, example config\nPrioritized remediation roadmap\n\nSecurity Checks (15+)\n\nAPI keys hardcoded in config (vs environment variables)\nWeak or missing gateway authentication tokens\nUnsafe gateway.bind settings (0.0.0.0 without proper auth)\nMissing channel access controls (allowFrom not set)\nUnsafe tool policies (elevated tools without restrictions)\nSandbox disabled when it should be enabled\nMissing rate limits on channels\nSecrets potentially exposed in logs\nOutdated OpenClaw version\nInsecure WhatsApp configuration\nInsecure Telegram configuration\nInsecure Discord configuration\nMissing audit logging for privileged actions\nOverly permissive file system access scopes\nUnrestricted webhook endpoints\nInsecure default admin credentials\n\nData Handling Rules\n\nStrip all secrets before analysis.\nOnly report metadata such as present/missing/configured.\nDo not log or emit actual key values.\nUse local-only execution; no network calls.\n\nExample Findings Object (Redacted)\n\n{\n  \"config_path\": \"~/.openclaw/openclaw.json\",\n  \"openclaw_version\": \"present\",\n  \"gateway\": {\n    \"bind\": \"0.0.0.0\",\n    \"auth_token\": \"missing\"\n  },\n  \"channels\": {\n    \"allowFrom\": \"missing\",\n    \"rate_limits\": \"missing\"\n  },\n  \"secrets\": {\n    \"hardcoded\": \"detected\"\n  },\n  \"tool_policies\": {\n    \"elevated\": \"unrestricted\"\n  }\n}\n\nReport Format\n\nThe report must include:\n\nOverall risk score (0-100)\nSeverity buckets: Critical, High, Medium, Low\nEach finding: description, why it matters, how to fix, example config\nPrioritized remediation roadmap\n\nSkill Flow (Pseudo)\n\nread_config_path = input.target_config_path || ~/.openclaw/openclaw.json\nraw_config = cat(read_config_path)\njson = jq parse raw_config\nmetadata = extract_security_metadata(json)\nfindings = build_findings(metadata)\nreport = openclaw.agent.analyze(findings, format=markdown)\nreturn report\n\nNotes\n\nUses the user's existing OpenClaw LLM configuration (Opus, GPT, Gemini, and local models).\nNo external APIs or special model access are required."
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/Muhammad-Waleed381/openclaw-security-auditor",
    "publisherUrl": "https://clawhub.ai/Muhammad-Waleed381/openclaw-security-auditor",
    "owner": "Muhammad-Waleed381",
    "version": "1.0.0",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/openclaw-security-auditor",
    "downloadUrl": "https://openagent3.xyz/downloads/openclaw-security-auditor",
    "agentUrl": "https://openagent3.xyz/skills/openclaw-security-auditor/agent",
    "manifestUrl": "https://openagent3.xyz/skills/openclaw-security-auditor/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/openclaw-security-auditor/agent.md"
  }
}