ClawHub

Security Monitor Deploy

v1.0.0

Comprehensive security audit for OpenClaw deployments. Checks Docker port bindings, SSH config, openclaw.json settings, file permissions, exposed services, a...

0· 570·0 current·0 all-time
by@aiwithabidi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description claim a local security audit. The skill only requires the docker binary and its script inspects OpenClaw config files, Docker, SSH, firewall, listening services, and file permissions — all consistent with an audit tool. No unrelated credentials or binaries are requested.
Instruction Scope
The SKILL.md instructs the agent to run the included shell script which enumerates and inspects local files (/root/.openclaw/openclaw.json, ~/.openclaw, /etc/ssh/sshd_config, /var/run/docker.sock, SSH key dirs, .env files) and runs docker/ss/netstat/iptables/ufw commands. This is expected for a security audit, but these actions access sensitive local files and system state — the script checks permissions and configuration but generally does not display full private key contents in the portions shown. The SKILL.md and script are consistent, but the script was truncated in the review so the full behavior could not be confirmed.
Install Mechanism
No install spec; this is instruction-only with a bundled script. Nothing is downloaded or written to disk by an installer. This is the lower-risk pattern for skills that are local-audit focused.
Credentials
The skill declares no required environment variables or credentials, which is appropriate. However, the script reads various sensitive files and system resources (openclaw.json, .env files, SSH key paths, Docker socket and container details). Those accesses are proportionate to an auditing tool but are inherently sensitive — running the script gives it the ability to inspect local secrets and container metadata (Docker inspect can reveal container environment variables).
Persistence & Privilege
The skill is not always-enabled and does not request persistent presence or modify other skills. It runs as a one-off script when invoked. The agent's autonomous invocation capability is default and not combined with other concerning privileges here.
Assessment
This skill appears to do what it says: a local security audit. Before installing or running it: 1) Review the entire scripts/security_audit.sh file yourself (the provided content was truncated in the review). 2) Run it on a non-production or disposable system first (or inside an isolated container/VM) so you don't expose real secrets during testing. 3) Note it inspects /var/run/docker.sock and may run docker inspect/ps — if your Docker containers hold secrets in environment variables, the audit may see them. 4) Confirm you trust the unknown publisher/homepage; if unsure, ask for source provenance or run the script under restricted privileges. 5) If you need higher assurance, have someone with shell experience audit the remainder of the script for any unexpected network calls, obfuscated behavior, or commands that read or transmit file contents.

Like a lobster shell, security has layers — review code before you run it.

agxntsixvk976d1zeknksntm606s97mrpeh817nvjlatestvk976d1zeknksntm606s97mrpeh817nvj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛡️ Clawdis
Binsdocker

Comments