# Send Secucheck to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "secucheck",
    "name": "Secucheck",
    "source": "tencent",
    "type": "skill",
    "category": "安全合规",
    "sourceUrl": "https://clawhub.ai/jooneyp/secucheck",
    "canonicalUrl": "https://clawhub.ai/jooneyp/secucheck",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/secucheck",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=secucheck",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "README.md",
      "SKILL.md",
      "_meta.json",
      "checks/agents.md",
      "checks/channels.md",
      "checks/cron.md"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "slug": "secucheck",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-29T14:04:51.576Z",
      "expiresAt": "2026-05-06T14:04:51.576Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=secucheck",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=secucheck",
        "contentDisposition": "attachment; filename=\"secucheck-2.8.0.zip\"",
        "redirectLocation": null,
        "bodySnippet": null,
        "slug": "secucheck"
      },
      "scope": "item",
      "summary": "Item download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this item.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/secucheck"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/secucheck",
    "downloadUrl": "https://openagent3.xyz/downloads/secucheck",
    "agentUrl": "https://openagent3.xyz/skills/secucheck/agent",
    "manifestUrl": "https://openagent3.xyz/skills/secucheck/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/secucheck/agent.md"
  }
}
```
## Documentation

### secucheck - OpenClaw Security Audit

Comprehensive security audit skill for OpenClaw deployments. Analyzes configuration, permissions, exposure risks, and runtime environment with context-aware recommendations.

### Summary

secucheck performs read-only security audits of your OpenClaw setup:

7 audit domains: Runtime, Channels, Agents, Cron Jobs, Skills, Sessions, Network
3 expertise levels: Beginner (analogies), Intermediate (technical), Expert (attack vectors)
Context-aware: Considers VPN, single-user, self-hosted scenarios
Runtime checks: Live system state (network exposure, containers, privileges)
Dashboard: Visual HTML report with security score
Localized output: Final report matches user's language

Never modifies configuration automatically. All fixes require explicit user confirmation.

### Installation

clawhub install secucheck

### Usage

Ask your OpenClaw agent:

"security audit"
"secucheck"
"run security check"

### Expertise Levels

When prompted, choose your level:

Beginner - Simple analogies, no jargon
Intermediate - Technical details, config examples
Expert - Attack vectors, edge cases, CVEs

All levels run the same checks—only explanation depth varies.

### Dashboard

"show dashboard" / "visual report"

Opens an HTML report in your browser.

### Example Output

🔒 Security Audit Results

🟡 Needs Attention

| Severity | Count |
|----------|-------|
| 🔴 Critical | 0 |
| 🟠 High | 0 |
| 🟡 Medium | 2 |
| 🟢 Low | 3 |

### 🟡 Agent "molty": exec + external content processing
...

### Features

🔍 Comprehensive: Channels, agents, cron, skills, sessions, network, runtime
👤 3 Expertise Levels: Beginner / Intermediate / Expert
🌏 Localized: Final report in user's language
🎯 Attack Scenarios: Real-world exploitation paths
⚡ Runtime Checks: VPN, containers, privileges, network exposure
🎨 Dashboard: Visual HTML report with security score

### Agent Instructions

Everything below is for the agent executing this skill.

### When to Use

Trigger this skill when:

User requests security checkup/audit
Auto-trigger: Installing skills, creating/modifying agents, adding/modifying cron jobs
Periodic review (recommended: weekly)

### Expertise Levels

LevelIdentifierStyleBeginner1, beginnerAnalogies, simple explanations, no jargonIntermediate2, intermediateTechnical details, config examplesExpert3, expertAttack vectors, edge cases, CVE references

### Step 1: Ask Level (before running anything)

Present options in user's language. Example (English):

What level of technical detail do you prefer?

1. 🌱 Beginner - I'll explain simply with analogies
2. 💻 Intermediate - Technical details and config examples
3. 🔐 Expert - Include attack vectors and edge cases

📌 All levels run the same checks—only explanation depth varies.

STOP HERE. Wait for user response.

### Step 2: Run Audit

bash ~/.openclaw/skills/secucheck/scripts/full_audit.sh

Returns JSON with findings categorized by severity.

### Step 3: Format Output

Parse JSON output and format based on user's expertise level.
Final report must be in user's language.

Report Structure (Organize by Category)

🔒 Security Audit Results

📊 Summary Table
| Severity | Count |
|----------|-------|
| 🔴 Critical | X |
| ...

⚡ Runtime
- [findings related to RUNTIME category]

🤖 Agents  
- [findings related to AGENT category]

📁 Workspace
- [findings related to WORKSPACE category]

🧩 Skills
- [findings related to SKILL category]

📢 Channels
- [findings related to CHANNEL category]

🌐 Network
- [findings related to NETWORK category]

Group findings by their category field, not just severity.
Within each category, show severity icon and explain.

### Step 4: Auto-Open Dashboard

After text report, automatically generate and serve dashboard:

bash ~/.openclaw/skills/secucheck/scripts/serve_dashboard.sh

The script returns JSON with url (LAN IP) and local_url (localhost).
Use the url field (not localhost) when telling the user — they may access from another device.

Example:

📊 대시보드도 열었어요: http://192.168.1.200:8766/secucheck-report.html

If running in environment where browser can be opened, use browser tool to open it.

### Cross-Platform Support

Scripts run on Linux, macOS, and WSL. Check the JSON output for platform info:

{
  "os": "linux",
  "os_variant": "ubuntu",
  "in_wsl": false,
  "in_dsm": false,
  "failed_checks": ["external_ip"]
}

### Platform Detection

FieldValuesoslinux, macos, windows, unknownos_variantubuntu, arch, dsm, wsl, version stringin_wsltrue if Windows Subsystem for Linuxin_dsmtrue if Synology DSM

### Handling Failed Checks

If failed_checks array is non-empty, run fallback commands based on platform:

Network Info Fallbacks

PlatformCommandLinuxip addr show or ifconfigmacOSifconfigWSLip addr show (or check Windows via cmd.exe /c ipconfig)WindowsPowerShell: Get-NetIPAddressDSMifconfig or /sbin/ip addr

Gateway Binding Fallbacks

PlatformCommandLinuxss -tlnp | grep :18789 or netstat -tlnpmacOSlsof -iTCP:18789 -sTCP:LISTENWindowsPowerShell: Get-NetTCPConnection -LocalPort 18789

File Permissions Fallbacks

PlatformCommandLinux/macOSls -la ~/.openclawWindowsPowerShell: Get-Acl $env:USERPROFILE\\.openclaw

### Windows Native Support

If os is windows and scripts fail completely:

Use PowerShell commands directly:

# Network exposure
Get-NetTCPConnection -LocalPort 18789 -State Listen

# File permissions
Get-Acl "$env:USERPROFILE\\.openclaw"

# Process info
Get-Process | Where-Object {$_.Name -like "*openclaw*"}

Report what you can check and note Windows-specific limitations.

### Minimal Environments (Docker, DSM)

Some environments lack tools. Check output and supplement:

Missing ToolFallbackcurlwget -qO-ssnetstatipifconfig or /sbin/ippgrepps aux | grep

### Agent Decision Flow

1. Run full_audit.sh
2. Check "failed_checks" in output
3. For each failed check:
   a. Identify platform from os/os_variant
   b. Run platform-specific fallback command
   c. Incorporate results into report
4. Note any checks that couldn't complete

### Dashboard Generation

When user requests visual report:

bash ~/.openclaw/skills/secucheck/scripts/serve_dashboard.sh

Returns:

{
  "status": "ok",
  "url": "http://localhost:8766/secucheck-report.html",
  "pid": 12345
}

Provide URL directly to user.

### Detailed Check References

Read these only when deep explanation needed:

FileDomainchecks/runtime.mdLive system statechecks/channels.mdChannel policieschecks/agents.mdAgent permissionschecks/cron.mdScheduled jobschecks/skills.mdInstalled skillschecks/sessions.mdSession isolationchecks/network.mdNetwork configuration

### Attack Scenario Templates

Use these for expert-level explanations:

FileScenarioscenarios/prompt-injection.mdExternal content manipulationscenarios/session-leak.mdCross-session data exposurescenarios/privilege-escalation.mdTool permission abusescenarios/credential-exposure.mdSecret leakagescenarios/unauthorized-access.mdAccess control bypass

### Risk Levels

🔴 Critical - Immediate action required. Active exploitation possible.
🟠 High     - Significant risk. Should fix soon.
🟡 Medium   - Notable concern. Plan to address.
🟢 Low      - Minor issue or best practice recommendation.
⚪ Info     - Not a risk, but worth noting.

### Risk Matrix

Tool Permissions
              Minimal       Full
         ┌──────────┬──────────┐
Exposure │   🟢     │   🟡     │
  Low    │  Safe    │  Caution │
         ├──────────┼──────────┤
         │   🟡     │   🔴     │
  High   │ Caution  │ Critical │
         └──────────┴──────────┘

Exposure = Who can talk to the bot (DM policy, group access, public channels)
Tool Permissions = What the bot can do (exec, file access, messaging, browser)

### Context-Aware Exceptions

Don't just pattern match. Consider context:

ContextAdjustmentPrivate channel, 2-3 trusted membersLower risk even with execVPN/Tailscale only accessNetwork exposure less criticalSelf-hosted, single userSession isolation less importantContainerized environmentPrivilege escalation less severe

Always ask about environment if unclear.

### Applying Fixes

CRITICAL RULES:

Never auto-apply fixes. Always show suggestions first.
Warn about functional impact. If a fix might break something, say so.
Get explicit user confirmation before any config changes.

Example flow:

Agent: "Changing this setting will disable exec in #dev channel.
        If you're using code execution there, it will stop working.
        Apply this fix?"
User: "yes"
Agent: [apply fix via gateway config.patch]

### Language Rules

Internal processing: Always English
Thinking/reasoning: Always English
Final user-facing report: Match user's language
Technical terms: Keep in English (exec, cron, gateway, etc.)

### Auto-Review Triggers

Invoke automatically when:

Skill installation: clawhub install <skill> or manual addition
Agent creation/modification: New agent or tool changes
Cron job creation/modification: New or modified scheduled tasks

For auto-reviews, focus only on changed component unless full audit requested.

### Quick Commands

User RequestAction"check channels only"Run channels.md check"audit cron jobs"Run cron.md check"full audit"All checks"more detail"Re-run with verbose output

### Trust Hierarchy

Apply appropriate trust levels:

LevelEntityTrust Model1OwnerFull trust — has all access2AI AgentTrust but verify — sandboxed, logged3AllowlistsLimited trust — specified users only4StrangersNo trust — blocked by default

### Incident Response Reference

If compromise suspected:

### Containment

Stop gateway process
Set gateway.bind to loopback (127.0.0.1)
Disable risky DM/group policies

### Rotation

Regenerate gateway auth token
Rotate browser control tokens
Revoke and rotate API keys

### Review

Check gateway logs and session transcripts
Review recent config changes
Re-run full security audit

### Files Reference

~/.openclaw/skills/secucheck/
├── SKILL.md              # This file
├── skill.json            # Package metadata
├── README.md             # User documentation
├── scripts/
│   ├── full_audit.sh     # Complete audit (JSON output)
│   ├── runtime_check.sh  # Live system checks
│   ├── gather_config.sh  # Config extraction (redacted)
│   ├── gather_skills.sh  # Skill security scan
│   ├── gather_agents.sh  # Agent configurations
│   ├── serve_dashboard.sh # Generate + serve HTML report
│   └── generate_dashboard.sh
├── dashboard/
│   └── template.html     # Dashboard template
├── checks/
│   ├── runtime.md        # Runtime interpretation
│   ├── channels.md       # Channel policy checks
│   ├── agents.md         # Agent permission checks
│   ├── cron.md           # Cron job checks
│   ├── skills.md         # Skill safety checks
│   ├── sessions.md       # Session isolation
│   └── network.md        # Network exposure
├── scenarios/
│   ├── prompt-injection.md
│   ├── session-leak.md
│   ├── privilege-escalation.md
│   ├── credential-exposure.md
│   └── unauthorized-access.md
└── templates/
    ├── report.md         # Full report template
    ├── finding.md        # Single finding template
    └── summary.md        # Quick summary template

### Security Assessment Questions

When auditing, consider:

Exposure: What network interfaces can reach this agent?
Authentication: What verification does each access point require?
Isolation: What boundaries exist between agent and host?
Trust: What content sources are considered "trusted"?
Auditability: What evidence exists of agent's actions?
Least Privilege: Does agent have only necessary permissions?

Remember: This skill exists to make OpenClaw self-aware of its security posture. Use regularly, extend as needed, never skip the audit.
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: jooneyp
- Version: 2.8.0
## Source health
- Status: healthy
- Item download looks usable.
- Yavira can redirect you to the upstream package for this item.
- Health scope: item
- Reason: direct_download_ok
- Checked at: 2026-04-29T14:04:51.576Z
- Expires at: 2026-05-06T14:04:51.576Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/secucheck)
- [Send to Agent page](https://openagent3.xyz/skills/secucheck/agent)
- [JSON manifest](https://openagent3.xyz/skills/secucheck/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/secucheck/agent.md)
- [Download page](https://openagent3.xyz/downloads/secucheck)