Host Security Audit

The skill's code and instructions are consistent with a host security audit: it reads local system state and OpenClaw config, reports findings, and does not attempt to exfiltrate data or require unrelated credentials.

This skill appears coherent for a local host audit, but review before running. Specifically: 1) Inspect scripts/security-audit.sh yourself — it will read ${HOME}/.openclaw/* and other system state (process list, ports, disk, firewall status). 2) Run it with least privilege (don't run as root unless needed) and test in a safe environment first. 3) If you schedule cron jobs, ensure the scheduled job runs under the intended user and that any delivered reports are sent only to trusted destinations (the SKILL.md does not define an external reporting endpoint). 4) If you store sensitive OpenClaw secrets, consider temporarily moving them or running the audit in a controlled context. 5) If you rely on exact checks (npm view openclaw, brew, tmutil), be aware those commands may contact external services; allow or restrict network access accordingly.