{ "schemaVersion": "1.0", "item": { "slug": "secucheck", "name": "Secucheck", "source": "tencent", "type": "skill", "category": "安全合规", "sourceUrl": "https://clawhub.ai/jooneyp/secucheck", "canonicalUrl": "https://clawhub.ai/jooneyp/secucheck", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/secucheck", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=secucheck", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "README.md", "SKILL.md", "_meta.json", "checks/agents.md", "checks/channels.md", "checks/cron.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/secucheck" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/secucheck", "agentPageUrl": "https://openagent3.xyz/skills/secucheck/agent", "manifestUrl": "https://openagent3.xyz/skills/secucheck/agent.json", "briefUrl": "https://openagent3.xyz/skills/secucheck/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "secucheck - OpenClaw Security Audit", "body": "Comprehensive security audit skill for OpenClaw deployments. Analyzes configuration, permissions, exposure risks, and runtime environment with context-aware recommendations." }, { "title": "Summary", "body": "secucheck performs read-only security audits of your OpenClaw setup:\n\n7 audit domains: Runtime, Channels, Agents, Cron Jobs, Skills, Sessions, Network\n3 expertise levels: Beginner (analogies), Intermediate (technical), Expert (attack vectors)\nContext-aware: Considers VPN, single-user, self-hosted scenarios\nRuntime checks: Live system state (network exposure, containers, privileges)\nDashboard: Visual HTML report with security score\nLocalized output: Final report matches user's language\n\nNever modifies configuration automatically. All fixes require explicit user confirmation." }, { "title": "Installation", "body": "clawhub install secucheck" }, { "title": "Usage", "body": "Ask your OpenClaw agent:\n\n\"security audit\"\n\"secucheck\"\n\"run security check\"" }, { "title": "Expertise Levels", "body": "When prompted, choose your level:\n\nBeginner - Simple analogies, no jargon\nIntermediate - Technical details, config examples\nExpert - Attack vectors, edge cases, CVEs\n\nAll levels run the same checks—only explanation depth varies." }, { "title": "Dashboard", "body": "\"show dashboard\" / \"visual report\"\n\nOpens an HTML report in your browser." }, { "title": "Example Output", "body": "🔒 Security Audit Results\n\n🟡 Needs Attention\n\n| Severity | Count |\n|----------|-------|\n| 🔴 Critical | 0 |\n| 🟠 High | 0 |\n| 🟡 Medium | 2 |\n| 🟢 Low | 3 |\n\n### 🟡 Agent \"molty\": exec + external content processing\n..." }, { "title": "Features", "body": "🔍 Comprehensive: Channels, agents, cron, skills, sessions, network, runtime\n👤 3 Expertise Levels: Beginner / Intermediate / Expert\n🌏 Localized: Final report in user's language\n🎯 Attack Scenarios: Real-world exploitation paths\n⚡ Runtime Checks: VPN, containers, privileges, network exposure\n🎨 Dashboard: Visual HTML report with security score" }, { "title": "Agent Instructions", "body": "Everything below is for the agent executing this skill." }, { "title": "When to Use", "body": "Trigger this skill when:\n\nUser requests security checkup/audit\nAuto-trigger: Installing skills, creating/modifying agents, adding/modifying cron jobs\nPeriodic review (recommended: weekly)" }, { "title": "Expertise Levels", "body": "LevelIdentifierStyleBeginner1, beginnerAnalogies, simple explanations, no jargonIntermediate2, intermediateTechnical details, config examplesExpert3, expertAttack vectors, edge cases, CVE references" }, { "title": "Step 1: Ask Level (before running anything)", "body": "Present options in user's language. Example (English):\n\nWhat level of technical detail do you prefer?\n\n1. 🌱 Beginner - I'll explain simply with analogies\n2. 💻 Intermediate - Technical details and config examples\n3. 🔐 Expert - Include attack vectors and edge cases\n\n📌 All levels run the same checks—only explanation depth varies.\n\nSTOP HERE. Wait for user response." }, { "title": "Step 2: Run Audit", "body": "bash ~/.openclaw/skills/secucheck/scripts/full_audit.sh\n\nReturns JSON with findings categorized by severity." }, { "title": "Step 3: Format Output", "body": "Parse JSON output and format based on user's expertise level.\nFinal report must be in user's language.\n\nReport Structure (Organize by Category)\n\n🔒 Security Audit Results\n\n📊 Summary Table\n| Severity | Count |\n|----------|-------|\n| 🔴 Critical | X |\n| ...\n\n⚡ Runtime\n- [findings related to RUNTIME category]\n\n🤖 Agents \n- [findings related to AGENT category]\n\n📁 Workspace\n- [findings related to WORKSPACE category]\n\n🧩 Skills\n- [findings related to SKILL category]\n\n📢 Channels\n- [findings related to CHANNEL category]\n\n🌐 Network\n- [findings related to NETWORK category]\n\nGroup findings by their category field, not just severity.\nWithin each category, show severity icon and explain." }, { "title": "Step 4: Auto-Open Dashboard", "body": "After text report, automatically generate and serve dashboard:\n\nbash ~/.openclaw/skills/secucheck/scripts/serve_dashboard.sh\n\nThe script returns JSON with url (LAN IP) and local_url (localhost).\nUse the url field (not localhost) when telling the user — they may access from another device.\n\nExample:\n\n📊 대시보드도 열었어요: http://192.168.1.200:8766/secucheck-report.html\n\nIf running in environment where browser can be opened, use browser tool to open it." }, { "title": "Cross-Platform Support", "body": "Scripts run on Linux, macOS, and WSL. Check the JSON output for platform info:\n\n{\n \"os\": \"linux\",\n \"os_variant\": \"ubuntu\",\n \"in_wsl\": false,\n \"in_dsm\": false,\n \"failed_checks\": [\"external_ip\"]\n}" }, { "title": "Platform Detection", "body": "FieldValuesoslinux, macos, windows, unknownos_variantubuntu, arch, dsm, wsl, version stringin_wsltrue if Windows Subsystem for Linuxin_dsmtrue if Synology DSM" }, { "title": "Handling Failed Checks", "body": "If failed_checks array is non-empty, run fallback commands based on platform:\n\nNetwork Info Fallbacks\n\nPlatformCommandLinuxip addr show or ifconfigmacOSifconfigWSLip addr show (or check Windows via cmd.exe /c ipconfig)WindowsPowerShell: Get-NetIPAddressDSMifconfig or /sbin/ip addr\n\nGateway Binding Fallbacks\n\nPlatformCommandLinuxss -tlnp | grep :18789 or netstat -tlnpmacOSlsof -iTCP:18789 -sTCP:LISTENWindowsPowerShell: Get-NetTCPConnection -LocalPort 18789\n\nFile Permissions Fallbacks\n\nPlatformCommandLinux/macOSls -la ~/.openclawWindowsPowerShell: Get-Acl $env:USERPROFILE\\.openclaw" }, { "title": "Windows Native Support", "body": "If os is windows and scripts fail completely:\n\nUse PowerShell commands directly:\n\n# Network exposure\nGet-NetTCPConnection -LocalPort 18789 -State Listen\n\n# File permissions\nGet-Acl \"$env:USERPROFILE\\.openclaw\"\n\n# Process info\nGet-Process | Where-Object {$_.Name -like \"*openclaw*\"}\n\nReport what you can check and note Windows-specific limitations." }, { "title": "Minimal Environments (Docker, DSM)", "body": "Some environments lack tools. Check output and supplement:\n\nMissing ToolFallbackcurlwget -qO-ssnetstatipifconfig or /sbin/ippgrepps aux | grep" }, { "title": "Agent Decision Flow", "body": "1. Run full_audit.sh\n2. Check \"failed_checks\" in output\n3. For each failed check:\n a. Identify platform from os/os_variant\n b. Run platform-specific fallback command\n c. Incorporate results into report\n4. Note any checks that couldn't complete" }, { "title": "Dashboard Generation", "body": "When user requests visual report:\n\nbash ~/.openclaw/skills/secucheck/scripts/serve_dashboard.sh\n\nReturns:\n\n{\n \"status\": \"ok\",\n \"url\": \"http://localhost:8766/secucheck-report.html\",\n \"pid\": 12345\n}\n\nProvide URL directly to user." }, { "title": "Detailed Check References", "body": "Read these only when deep explanation needed:\n\nFileDomainchecks/runtime.mdLive system statechecks/channels.mdChannel policieschecks/agents.mdAgent permissionschecks/cron.mdScheduled jobschecks/skills.mdInstalled skillschecks/sessions.mdSession isolationchecks/network.mdNetwork configuration" }, { "title": "Attack Scenario Templates", "body": "Use these for expert-level explanations:\n\nFileScenarioscenarios/prompt-injection.mdExternal content manipulationscenarios/session-leak.mdCross-session data exposurescenarios/privilege-escalation.mdTool permission abusescenarios/credential-exposure.mdSecret leakagescenarios/unauthorized-access.mdAccess control bypass" }, { "title": "Risk Levels", "body": "🔴 Critical - Immediate action required. Active exploitation possible.\n🟠 High - Significant risk. Should fix soon.\n🟡 Medium - Notable concern. Plan to address.\n🟢 Low - Minor issue or best practice recommendation.\n⚪ Info - Not a risk, but worth noting." }, { "title": "Risk Matrix", "body": "Tool Permissions\n Minimal Full\n ┌──────────┬──────────┐\nExposure │ 🟢 │ 🟡 │\n Low │ Safe │ Caution │\n ├──────────┼──────────┤\n │ 🟡 │ 🔴 │\n High │ Caution │ Critical │\n └──────────┴──────────┘\n\nExposure = Who can talk to the bot (DM policy, group access, public channels)\nTool Permissions = What the bot can do (exec, file access, messaging, browser)" }, { "title": "Context-Aware Exceptions", "body": "Don't just pattern match. Consider context:\n\nContextAdjustmentPrivate channel, 2-3 trusted membersLower risk even with execVPN/Tailscale only accessNetwork exposure less criticalSelf-hosted, single userSession isolation less importantContainerized environmentPrivilege escalation less severe\n\nAlways ask about environment if unclear." }, { "title": "Applying Fixes", "body": "CRITICAL RULES:\n\nNever auto-apply fixes. Always show suggestions first.\nWarn about functional impact. If a fix might break something, say so.\nGet explicit user confirmation before any config changes.\n\nExample flow:\n\nAgent: \"Changing this setting will disable exec in #dev channel.\n If you're using code execution there, it will stop working.\n Apply this fix?\"\nUser: \"yes\"\nAgent: [apply fix via gateway config.patch]" }, { "title": "Language Rules", "body": "Internal processing: Always English\nThinking/reasoning: Always English\nFinal user-facing report: Match user's language\nTechnical terms: Keep in English (exec, cron, gateway, etc.)" }, { "title": "Auto-Review Triggers", "body": "Invoke automatically when:\n\nSkill installation: clawhub install or manual addition\nAgent creation/modification: New agent or tool changes\nCron job creation/modification: New or modified scheduled tasks\n\nFor auto-reviews, focus only on changed component unless full audit requested." }, { "title": "Quick Commands", "body": "User RequestAction\"check channels only\"Run channels.md check\"audit cron jobs\"Run cron.md check\"full audit\"All checks\"more detail\"Re-run with verbose output" }, { "title": "Trust Hierarchy", "body": "Apply appropriate trust levels:\n\nLevelEntityTrust Model1OwnerFull trust — has all access2AI AgentTrust but verify — sandboxed, logged3AllowlistsLimited trust — specified users only4StrangersNo trust — blocked by default" }, { "title": "Incident Response Reference", "body": "If compromise suspected:" }, { "title": "Containment", "body": "Stop gateway process\nSet gateway.bind to loopback (127.0.0.1)\nDisable risky DM/group policies" }, { "title": "Rotation", "body": "Regenerate gateway auth token\nRotate browser control tokens\nRevoke and rotate API keys" }, { "title": "Review", "body": "Check gateway logs and session transcripts\nReview recent config changes\nRe-run full security audit" }, { "title": "Files Reference", "body": "~/.openclaw/skills/secucheck/\n├── SKILL.md # This file\n├── skill.json # Package metadata\n├── README.md # User documentation\n├── scripts/\n│ ├── full_audit.sh # Complete audit (JSON output)\n│ ├── runtime_check.sh # Live system checks\n│ ├── gather_config.sh # Config extraction (redacted)\n│ ├── gather_skills.sh # Skill security scan\n│ ├── gather_agents.sh # Agent configurations\n│ ├── serve_dashboard.sh # Generate + serve HTML report\n│ └── generate_dashboard.sh\n├── dashboard/\n│ └── template.html # Dashboard template\n├── checks/\n│ ├── runtime.md # Runtime interpretation\n│ ├── channels.md # Channel policy checks\n│ ├── agents.md # Agent permission checks\n│ ├── cron.md # Cron job checks\n│ ├── skills.md # Skill safety checks\n│ ├── sessions.md # Session isolation\n│ └── network.md # Network exposure\n├── scenarios/\n│ ├── prompt-injection.md\n│ ├── session-leak.md\n│ ├── privilege-escalation.md\n│ ├── credential-exposure.md\n│ └── unauthorized-access.md\n└── templates/\n ├── report.md # Full report template\n ├── finding.md # Single finding template\n └── summary.md # Quick summary template" }, { "title": "Security Assessment Questions", "body": "When auditing, consider:\n\nExposure: What network interfaces can reach this agent?\nAuthentication: What verification does each access point require?\nIsolation: What boundaries exist between agent and host?\nTrust: What content sources are considered \"trusted\"?\nAuditability: What evidence exists of agent's actions?\nLeast Privilege: Does agent have only necessary permissions?\n\nRemember: This skill exists to make OpenClaw self-aware of its security posture. Use regularly, extend as needed, never skip the audit." } ], "body": "secucheck - OpenClaw Security Audit\n\nComprehensive security audit skill for OpenClaw deployments. Analyzes configuration, permissions, exposure risks, and runtime environment with context-aware recommendations.\n\nSummary\n\nsecucheck performs read-only security audits of your OpenClaw setup:\n\n7 audit domains: Runtime, Channels, Agents, Cron Jobs, Skills, Sessions, Network\n3 expertise levels: Beginner (analogies), Intermediate (technical), Expert (attack vectors)\nContext-aware: Considers VPN, single-user, self-hosted scenarios\nRuntime checks: Live system state (network exposure, containers, privileges)\nDashboard: Visual HTML report with security score\nLocalized output: Final report matches user's language\n\nNever modifies configuration automatically. All fixes require explicit user confirmation.\n\nQuick Start\nInstallation\nclawhub install secucheck\n\nUsage\n\nAsk your OpenClaw agent:\n\n\"security audit\"\n\"secucheck\"\n\"run security check\"\nExpertise Levels\n\nWhen prompted, choose your level:\n\nBeginner - Simple analogies, no jargon\nIntermediate - Technical details, config examples\nExpert - Attack vectors, edge cases, CVEs\n\nAll levels run the same checks—only explanation depth varies.\n\nDashboard\n\"show dashboard\" / \"visual report\"\n\n\nOpens an HTML report in your browser.\n\nExample Output\n🔒 Security Audit Results\n\n🟡 Needs Attention\n\n| Severity | Count |\n|----------|-------|\n| 🔴 Critical | 0 |\n| 🟠 High | 0 |\n| 🟡 Medium | 2 |\n| 🟢 Low | 3 |\n\n### 🟡 Agent \"molty\": exec + external content processing\n...\n\nFeatures\n🔍 Comprehensive: Channels, agents, cron, skills, sessions, network, runtime\n👤 3 Expertise Levels: Beginner / Intermediate / Expert\n🌏 Localized: Final report in user's language\n🎯 Attack Scenarios: Real-world exploitation paths\n⚡ Runtime Checks: VPN, containers, privileges, network exposure\n🎨 Dashboard: Visual HTML report with security score\nAgent Instructions\n\nEverything below is for the agent executing this skill.\n\nWhen to Use\n\nTrigger this skill when:\n\nUser requests security checkup/audit\nAuto-trigger: Installing skills, creating/modifying agents, adding/modifying cron jobs\nPeriodic review (recommended: weekly)\nExpertise Levels\nLevel\tIdentifier\tStyle\nBeginner\t1, beginner\tAnalogies, simple explanations, no jargon\nIntermediate\t2, intermediate\tTechnical details, config examples\nExpert\t3, expert\tAttack vectors, edge cases, CVE references\nExecution Flow\nStep 1: Ask Level (before running anything)\n\nPresent options in user's language. Example (English):\n\nWhat level of technical detail do you prefer?\n\n1. 🌱 Beginner - I'll explain simply with analogies\n2. 💻 Intermediate - Technical details and config examples\n3. 🔐 Expert - Include attack vectors and edge cases\n\n📌 All levels run the same checks—only explanation depth varies.\n\n\nSTOP HERE. Wait for user response.\n\nStep 2: Run Audit\nbash ~/.openclaw/skills/secucheck/scripts/full_audit.sh\n\n\nReturns JSON with findings categorized by severity.\n\nStep 3: Format Output\n\nParse JSON output and format based on user's expertise level. Final report must be in user's language.\n\nReport Structure (Organize by Category)\n🔒 Security Audit Results\n\n📊 Summary Table\n| Severity | Count |\n|----------|-------|\n| 🔴 Critical | X |\n| ...\n\n⚡ Runtime\n- [findings related to RUNTIME category]\n\n🤖 Agents \n- [findings related to AGENT category]\n\n📁 Workspace\n- [findings related to WORKSPACE category]\n\n🧩 Skills\n- [findings related to SKILL category]\n\n📢 Channels\n- [findings related to CHANNEL category]\n\n🌐 Network\n- [findings related to NETWORK category]\n\n\nGroup findings by their category field, not just severity. Within each category, show severity icon and explain.\n\nStep 4: Auto-Open Dashboard\n\nAfter text report, automatically generate and serve dashboard:\n\nbash ~/.openclaw/skills/secucheck/scripts/serve_dashboard.sh\n\n\nThe script returns JSON with url (LAN IP) and local_url (localhost). Use the url field (not localhost) when telling the user — they may access from another device.\n\nExample:\n\n📊 대시보드도 열었어요: http://192.168.1.200:8766/secucheck-report.html\n\n\nIf running in environment where browser can be opened, use browser tool to open it.\n\nCross-Platform Support\n\nScripts run on Linux, macOS, and WSL. Check the JSON output for platform info:\n\n{\n \"os\": \"linux\",\n \"os_variant\": \"ubuntu\",\n \"in_wsl\": false,\n \"in_dsm\": false,\n \"failed_checks\": [\"external_ip\"]\n}\n\nPlatform Detection\nField\tValues\nos\tlinux, macos, windows, unknown\nos_variant\tubuntu, arch, dsm, wsl, version string\nin_wsl\ttrue if Windows Subsystem for Linux\nin_dsm\ttrue if Synology DSM\nHandling Failed Checks\n\nIf failed_checks array is non-empty, run fallback commands based on platform:\n\nNetwork Info Fallbacks\nPlatform\tCommand\nLinux\tip addr show or ifconfig\nmacOS\tifconfig\nWSL\tip addr show (or check Windows via cmd.exe /c ipconfig)\nWindows\tPowerShell: Get-NetIPAddress\nDSM\tifconfig or /sbin/ip addr\nGateway Binding Fallbacks\nPlatform\tCommand\nLinux\tss -tlnp | grep :18789 or netstat -tlnp\nmacOS\tlsof -iTCP:18789 -sTCP:LISTEN\nWindows\tPowerShell: Get-NetTCPConnection -LocalPort 18789\nFile Permissions Fallbacks\nPlatform\tCommand\nLinux/macOS\tls -la ~/.openclaw\nWindows\tPowerShell: Get-Acl $env:USERPROFILE\\.openclaw\nWindows Native Support\n\nIf os is windows and scripts fail completely:\n\nUse PowerShell commands directly:\n# Network exposure\nGet-NetTCPConnection -LocalPort 18789 -State Listen\n\n# File permissions\nGet-Acl \"$env:USERPROFILE\\.openclaw\"\n\n# Process info\nGet-Process | Where-Object {$_.Name -like \"*openclaw*\"}\n\nReport what you can check and note Windows-specific limitations.\nMinimal Environments (Docker, DSM)\n\nSome environments lack tools. Check output and supplement:\n\nMissing Tool\tFallback\ncurl\twget -qO-\nss\tnetstat\nip\tifconfig or /sbin/ip\npgrep\tps aux | grep\nAgent Decision Flow\n1. Run full_audit.sh\n2. Check \"failed_checks\" in output\n3. For each failed check:\n a. Identify platform from os/os_variant\n b. Run platform-specific fallback command\n c. Incorporate results into report\n4. Note any checks that couldn't complete\n\nDashboard Generation\n\nWhen user requests visual report:\n\nbash ~/.openclaw/skills/secucheck/scripts/serve_dashboard.sh\n\n\nReturns:\n\n{\n \"status\": \"ok\",\n \"url\": \"http://localhost:8766/secucheck-report.html\",\n \"pid\": 12345\n}\n\n\nProvide URL directly to user.\n\nDetailed Check References\n\nRead these only when deep explanation needed:\n\nFile\tDomain\nchecks/runtime.md\tLive system state\nchecks/channels.md\tChannel policies\nchecks/agents.md\tAgent permissions\nchecks/cron.md\tScheduled jobs\nchecks/skills.md\tInstalled skills\nchecks/sessions.md\tSession isolation\nchecks/network.md\tNetwork configuration\nAttack Scenario Templates\n\nUse these for expert-level explanations:\n\nFile\tScenario\nscenarios/prompt-injection.md\tExternal content manipulation\nscenarios/session-leak.md\tCross-session data exposure\nscenarios/privilege-escalation.md\tTool permission abuse\nscenarios/credential-exposure.md\tSecret leakage\nscenarios/unauthorized-access.md\tAccess control bypass\nRisk Levels\n🔴 Critical - Immediate action required. Active exploitation possible.\n🟠 High - Significant risk. Should fix soon.\n🟡 Medium - Notable concern. Plan to address.\n🟢 Low - Minor issue or best practice recommendation.\n⚪ Info - Not a risk, but worth noting.\n\nRisk Matrix\n Tool Permissions\n Minimal Full\n ┌──────────┬──────────┐\nExposure │ 🟢 │ 🟡 │\n Low │ Safe │ Caution │\n ├──────────┼──────────┤\n │ 🟡 │ 🔴 │\n High │ Caution │ Critical │\n └──────────┴──────────┘\n\nExposure = Who can talk to the bot (DM policy, group access, public channels)\nTool Permissions = What the bot can do (exec, file access, messaging, browser)\n\nContext-Aware Exceptions\n\nDon't just pattern match. Consider context:\n\nContext\tAdjustment\nPrivate channel, 2-3 trusted members\tLower risk even with exec\nVPN/Tailscale only access\tNetwork exposure less critical\nSelf-hosted, single user\tSession isolation less important\nContainerized environment\tPrivilege escalation less severe\n\nAlways ask about environment if unclear.\n\nApplying Fixes\n\nCRITICAL RULES:\n\nNever auto-apply fixes. Always show suggestions first.\nWarn about functional impact. If a fix might break something, say so.\nGet explicit user confirmation before any config changes.\n\nExample flow:\n\nAgent: \"Changing this setting will disable exec in #dev channel.\n If you're using code execution there, it will stop working.\n Apply this fix?\"\nUser: \"yes\"\nAgent: [apply fix via gateway config.patch]\n\nLanguage Rules\nInternal processing: Always English\nThinking/reasoning: Always English\nFinal user-facing report: Match user's language\nTechnical terms: Keep in English (exec, cron, gateway, etc.)\nAuto-Review Triggers\n\nInvoke automatically when:\n\nSkill installation: clawhub install or manual addition\nAgent creation/modification: New agent or tool changes\nCron job creation/modification: New or modified scheduled tasks\n\nFor auto-reviews, focus only on changed component unless full audit requested.\n\nQuick Commands\nUser Request\tAction\n\"check channels only\"\tRun channels.md check\n\"audit cron jobs\"\tRun cron.md check\n\"full audit\"\tAll checks\n\"more detail\"\tRe-run with verbose output\nTrust Hierarchy\n\nApply appropriate trust levels:\n\nLevel\tEntity\tTrust Model\n1\tOwner\tFull trust — has all access\n2\tAI Agent\tTrust but verify — sandboxed, logged\n3\tAllowlists\tLimited trust — specified users only\n4\tStrangers\tNo trust — blocked by default\nIncident Response Reference\n\nIf compromise suspected:\n\nContainment\nStop gateway process\nSet gateway.bind to loopback (127.0.0.1)\nDisable risky DM/group policies\nRotation\nRegenerate gateway auth token\nRotate browser control tokens\nRevoke and rotate API keys\nReview\nCheck gateway logs and session transcripts\nReview recent config changes\nRe-run full security audit\nFiles Reference\n~/.openclaw/skills/secucheck/\n├── SKILL.md # This file\n├── skill.json # Package metadata\n├── README.md # User documentation\n├── scripts/\n│ ├── full_audit.sh # Complete audit (JSON output)\n│ ├── runtime_check.sh # Live system checks\n│ ├── gather_config.sh # Config extraction (redacted)\n│ ├── gather_skills.sh # Skill security scan\n│ ├── gather_agents.sh # Agent configurations\n│ ├── serve_dashboard.sh # Generate + serve HTML report\n│ └── generate_dashboard.sh\n├── dashboard/\n│ └── template.html # Dashboard template\n├── checks/\n│ ├── runtime.md # Runtime interpretation\n│ ├── channels.md # Channel policy checks\n│ ├── agents.md # Agent permission checks\n│ ├── cron.md # Cron job checks\n│ ├── skills.md # Skill safety checks\n│ ├── sessions.md # Session isolation\n│ └── network.md # Network exposure\n├── scenarios/\n│ ├── prompt-injection.md\n│ ├── session-leak.md\n│ ├── privilege-escalation.md\n│ ├── credential-exposure.md\n│ └── unauthorized-access.md\n└── templates/\n ├── report.md # Full report template\n ├── finding.md # Single finding template\n └── summary.md # Quick summary template\n\nSecurity Assessment Questions\n\nWhen auditing, consider:\n\nExposure: What network interfaces can reach this agent?\nAuthentication: What verification does each access point require?\nIsolation: What boundaries exist between agent and host?\nTrust: What content sources are considered \"trusted\"?\nAuditability: What evidence exists of agent's actions?\nLeast Privilege: Does agent have only necessary permissions?\n\nRemember: This skill exists to make OpenClaw self-aware of its security posture. Use regularly, extend as needed, never skip the audit." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/jooneyp/secucheck", "publisherUrl": "https://clawhub.ai/jooneyp/secucheck", "owner": "jooneyp", "version": "2.8.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/secucheck", "downloadUrl": "https://openagent3.xyz/downloads/secucheck", "agentUrl": "https://openagent3.xyz/skills/secucheck/agent", "manifestUrl": "https://openagent3.xyz/skills/secucheck/agent.json", "briefUrl": "https://openagent3.xyz/skills/secucheck/agent.md" } }