{"skill":{"slug":"security-audit-tianjin","displayName":"Security Audit Tianjin","summary":"Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.","description":"---\nname: security-audit\ndescription: Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.\n---\n\n# Security Audit Skill\n\n## When to use\n\nRun a security audit to identify vulnerabilities in your Clawdbot setup before deployment or on a schedule. Use auto-fix to remediate common issues automatically.\n\n## Setup\n\nNo external dependencies required. Uses native system tools where available.\n\n## How to\n\n### Quick audit (common issues)\n\n```bash\nnode skills/security-audit/scripts/audit.cjs\n```\n\n### Full audit (comprehensive scan)\n\n```bash\nnode skills/security-audit/scripts/audit.cjs --full\n```\n\n### Auto-fix common issues\n\n```bash\nnode skills/security-audit/scripts/audit.cjs --fix\n```\n\n### Audit specific areas\n\n```bash\nnode skills/security-audit/scripts/audit.cjs --credentials      # Check for exposed API keys\nnode skills/security-audit/scripts/audit.cjs --ports            # Scan for open ports\nnode skills/security-audit/scripts/audit.cjs --configs          # Validate configuration\nnode skills/security-audit/scripts/audit.cjs --permissions      # Check file permissions\nnode skills/security-audit/scripts/audit.cjs --docker           # Docker security checks\n```\n\n### Generate report\n\n```bash\nnode skills/security-audit/scripts/audit.cjs --full --json > audit-report.json\n```\n\n## Output\n\nThe audit produces a report with:\n\n| Level | Description |\n|-------|-------------|\n| 🔴 CRITICAL | Immediate action required (exposed credentials) |\n| 🟠 HIGH | Significant risk, fix soon |\n| 🟡 MEDIUM | Moderate concern |\n| 🟢 INFO | FYI, no action needed |\n\n## Checks Performed\n\n### Credentials\n- API keys in environment files\n- Tokens in command history\n- Hardcoded secrets in code\n- Weak password patterns\n\n### Ports\n- Unexpected open ports\n- Services exposed to internet\n- Missing firewall rules\n\n### Configs\n- Missing rate limiting\n- Disabled authentication\n- Default credentials\n- Open CORS policies\n\n### Files\n- World-readable files\n- Executable by anyone\n- Sensitive files in public dirs\n\n### Docker\n- Privileged containers\n- Missing resource limits\n- Root user in container\n\n## Auto-Fix\n\nThe `--fix` option automatically:\n- Sets restrictive file permissions (600 on .env)\n- Secures sensitive configuration files\n- Creates .gitignore if missing\n- Enables basic security headers\n\n## Related skills\n\n- `security-monitor` - Real-time monitoring (available separately)\n","tags":{"latest":"1.0.1"},"stats":{"comments":0,"downloads":745,"installsAllTime":1,"installsCurrent":1,"stars":0,"versions":2},"createdAt":1773627835551,"updatedAt":1779000532771},"latestVersion":{"version":"1.0.1","createdAt":1773627896852,"changelog":"- Updated metadata in _meta.json; no functional or documentation changes.\n- All skill usage, setup, and audit instructions remain the same.","license":"MIT-0"},"metadata":null,"owner":{"handle":"tianjin-ren","userId":"s17cscba5zaa18h4gwjegpz9as8408z5","displayName":"tianjin-ren","image":"https://avatars.githubusercontent.com/u/191457384?v=4"},"moderation":null}