OpenClaw Security Audit
v1.0.0审计本地 openclaw 的安全配置与运行暴露面。用于检查、验证、解释和总结当前机器或沙箱中的 openclaw 相关安全设置,包括代理配置、sandbox 配置、docker 端口暴露、gateway 检查、文件权限、workspace symlink 风险、本地监听端口以及整体本地安全状态。
⭐ 0· 246·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description describe a local OpenClaw security audit and the included modules match that purpose: they read configuration files, scan workspace symlinks, check file permissions, inspect Docker ports, and call local OpenClaw diagnostic commands. Required capabilities (access to local files and system commands) align with the stated goal.
Instruction Scope
SKILL.md prescribes running the bundled local check modules and summarizing their findings. The modules operate on local files and local CLI tools (openclaw, docker, ss/netstat) and print JSON results. There are no steps that attempt to read arbitrary unrelated locations, contact external endpoints, or modify system configuration. The skill correctly documents failure handling and audit limitations.
Install Mechanism
There is no install spec and no network downloads. The skill is delivered as source scripts and the runtime behavior is limited to running local commands. This is the lowest-risk install pattern for this kind of tool.
Credentials
The skill declares no required environment variables, but several scripts optionally honor OPENCLAW_WORKSPACE to locate config/workspace (this is reasonable for configurability). The scripts read local config paths (e.g., ~/.openclaw, /etc/openclaw, /etc/nginx, /etc/caddy) and run system commands (docker, openclaw, ss/netstat). That access is necessary for an audit tool, but it means running the skill will expose local configuration and command output (which may contain secrets) to the invoking agent — a legitimate but sensitive capability that the user should be aware of.
Persistence & Privilege
The skill does not request always:true, does not declare persistent system-wide changes, and its modules run as ephemeral read-only checks. It invokes local commands but does not attempt to modify other skills or global agent configuration.
Assessment
This skill appears to do what it says: read local OpenClaw configs, scan workspace symlinks, check Docker port mappings, call local OpenClaw diagnostic commands, and report findings as JSON. Before running it, consider: 1) it will read local config files (e.g., ~/.openclaw, /etc/openclaw, /etc/nginx, /etc/caddy) and run local commands (openclaw, docker, ss/netstat). Those outputs can contain sensitive tokens or paths — treat results as sensitive. 2) The optional OPENCLAW_WORKSPACE env var is used by scripts but not declared as required; set it if you want the tool to target a specific workspace. 3) Run the skill in a safe environment (non-production or isolated VM) if you are concerned about exposing secrets to the agent, and review the included scripts yourself (they are short and readable). 4) The skill is read-only in code, but the agent capturing its stdout will see any sensitive content the scripts print, so avoid running it with elevated/overbroad agent permissions if you do not trust the agent. Overall, the package is coherent and appropriate for its auditing purpose.Like a lobster shell, security has layers — review code before you run it.
latestvk973pjs5vjmwcsszx9q7pwf01d82tc6b
License
MIT-0
Free to use, modify, and redistribute. No attribution required.