security-audit-assistant

This skill appears to perform the stated local security checks and does not request credentials or external network access, but exercise caution before running on production servers. Specifically: - Test on a single non-production node first: run the audit in report-only mode (do not apply fixes automatically). Verify the generated recommendations are correct for your OS. - Do not run the provided fix commands blindly. Several sed replacement expressions in the packaged fixes are malformed and could corrupt sshd_config or other files and potentially lock you out of SSH. Always create a backup of affected config files (e.g., /etc/ssh/sshd_config.bak) before applying fixes. - Ensure you have console or out-of-band access (serial/console) before applying changes that restart SSH. - The SKILL.md promises "one-click fixes" but the included script only prints commands; confirm whether the skill will ever execute fixes automatically (review the runtime behavior in your OpenClaw environment). The hook permission node:exec means future updates could add auto-fix behavior—review code after updates and restrict scheduling if you don't want automated remediation. - Check OS compatibility: some fixes use apt even when centos/rhel are in supported lists. Confirm package manager commands are appropriate for the target OS before applying. - If you plan to use scheduled audits, review the cron configuration that will be created and ensure reports and any notifications go only where you expect. If you are not comfortable auditing the code yourself, run this only on staging systems or consult a sysadmin to inspect/patch the fix commands (correct sed patterns, add config backups, validate changes, add dry-run and explicit apply flags).