# Send OpenClaw Security Auditor to your agent Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually. ## Fast path - Download the package from Yavira. - Extract it into a folder your agent can access. - Paste one of the prompts below and point your agent at the extracted folder. ## Suggested prompts ### New install ```text I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete. ``` ### Upgrade existing ```text I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run. ``` ## Machine-readable fields ```json { "schemaVersion": "1.0", "item": { "slug": "openclaw-security-auditor", "name": "OpenClaw Security Auditor", "source": "tencent", "type": "skill", "category": "安全合规", "sourceUrl": "https://clawhub.ai/Muhammad-Waleed381/openclaw-security-auditor", "canonicalUrl": "https://clawhub.ai/Muhammad-Waleed381/openclaw-security-auditor", "targetPlatform": "OpenClaw" }, "install": { "downloadUrl": "/downloads/openclaw-security-auditor", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=openclaw-security-auditor", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "packageFormat": "ZIP package", "primaryDoc": "SKILL.md", "includedAssets": [ "CHANGELOG.md", "SKILL.md", "CONTRIBUTING.md", "README.md", "docs/SECURITY-CHECKS.md", "docs/USAGE.md" ], "downloadMode": "redirect", "sourceHealth": { "source": "tencent", "slug": "openclaw-security-auditor", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-29T10:24:03.416Z", "expiresAt": "2026-05-06T10:24:03.416Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=openclaw-security-auditor", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=openclaw-security-auditor", "contentDisposition": "attachment; filename=\"openclaw-security-auditor-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "openclaw-security-auditor" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/openclaw-security-auditor" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] } }, "links": { "detailUrl": "https://openagent3.xyz/skills/openclaw-security-auditor", "downloadUrl": "https://openagent3.xyz/downloads/openclaw-security-auditor", "agentUrl": "https://openagent3.xyz/skills/openclaw-security-auditor/agent", "manifestUrl": "https://openagent3.xyz/skills/openclaw-security-auditor/agent.json", "briefUrl": "https://openagent3.xyz/skills/openclaw-security-auditor/agent.md" } } ``` ## Documentation ### OpenClaw Security Audit Skill Local-only skill that audits ~/.openclaw/openclaw.json, runs 15+ security checks, and generates a detailed report using the user's existing LLM configuration. No external APIs or keys required. ### When to Use This Skill The user asks for a security audit of their OpenClaw instance. The user wants a remediation checklist for configuration risks. The user is preparing an OpenClaw deployment and wants a hardening review. ### How It Works Read config with standard tools (cat, jq). Extract security-relevant settings (NEVER actual secrets). Build a structured findings object with metadata only. Pass findings to the user's LLM via OpenClaw's normal agent flow. Generate a markdown report with severity ratings and fixes. ### Inputs target_config_path (optional): Path to OpenClaw config file. default: ~/.openclaw/openclaw.json ### Outputs Markdown report including: Overall risk score (0-100) Findings categorized by severity (Critical/High/Medium/Low) Each finding with description, why it matters, how to fix, example config Prioritized remediation roadmap ### Security Checks (15+) API keys hardcoded in config (vs environment variables) Weak or missing gateway authentication tokens Unsafe gateway.bind settings (0.0.0.0 without proper auth) Missing channel access controls (allowFrom not set) Unsafe tool policies (elevated tools without restrictions) Sandbox disabled when it should be enabled Missing rate limits on channels Secrets potentially exposed in logs Outdated OpenClaw version Insecure WhatsApp configuration Insecure Telegram configuration Insecure Discord configuration Missing audit logging for privileged actions Overly permissive file system access scopes Unrestricted webhook endpoints Insecure default admin credentials ### Data Handling Rules Strip all secrets before analysis. Only report metadata such as present/missing/configured. Do not log or emit actual key values. Use local-only execution; no network calls. ### Example Findings Object (Redacted) { "config_path": "~/.openclaw/openclaw.json", "openclaw_version": "present", "gateway": { "bind": "0.0.0.0", "auth_token": "missing" }, "channels": { "allowFrom": "missing", "rate_limits": "missing" }, "secrets": { "hardcoded": "detected" }, "tool_policies": { "elevated": "unrestricted" } } ### Report Format The report must include: Overall risk score (0-100) Severity buckets: Critical, High, Medium, Low Each finding: description, why it matters, how to fix, example config Prioritized remediation roadmap ### Skill Flow (Pseudo) read_config_path = input.target_config_path || ~/.openclaw/openclaw.json raw_config = cat(read_config_path) json = jq parse raw_config metadata = extract_security_metadata(json) findings = build_findings(metadata) report = openclaw.agent.analyze(findings, format=markdown) return report ### Notes Uses the user's existing OpenClaw LLM configuration (Opus, GPT, Gemini, and local models). No external APIs or special model access are required. ## Trust - Source: tencent - Verification: Indexed source record - Publisher: Muhammad-Waleed381 - Version: 1.0.0 ## Source health - Status: healthy - Item download looks usable. - Yavira can redirect you to the upstream package for this item. - Health scope: item - Reason: direct_download_ok - Checked at: 2026-04-29T10:24:03.416Z - Expires at: 2026-05-06T10:24:03.416Z - Recommended action: Download for OpenClaw ## Links - [Detail page](https://openagent3.xyz/skills/openclaw-security-auditor) - [Send to Agent page](https://openagent3.xyz/skills/openclaw-security-auditor/agent) - [JSON manifest](https://openagent3.xyz/skills/openclaw-security-auditor/agent.json) - [Markdown brief](https://openagent3.xyz/skills/openclaw-security-auditor/agent.md) - [Download page](https://openagent3.xyz/downloads/openclaw-security-auditor)