Linux Security Scanner
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: linux-security-scanner
Version: 1.0.0
The bundle is a standard Linux security auditing tool that performs read-only checks on system configuration and logs. The script 'scripts/security-audit.sh' audits SSH settings, firewall rules, listening ports, sudoers permissions, and SUID binaries using native Linux commands without any evidence of data exfiltration, persistence mechanisms, or malicious intent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the full audit can expose a detailed snapshot of local services, firewall state, privileged files, and login activity in the terminal output.
The script performs broad local enumeration of SUID files across the filesystem, which is appropriate for a security audit but can be slow and reveals host configuration details.
local suid_list=$(find / -perm -4000 -type f 2>/dev/null | sort)
Run it only on systems you own or administer, review output before sharing it, and use individual checks if you do not want a full-system audit.
If run with sudo/root, the script can access privileged security logs and configuration details that may include usernames, source IPs, services, and sudo access rules.
The skill explicitly discloses that elevated privileges may be needed to read failed-login logs and process details.
Requires root/sudo for some checks (failed-logins reads /var/log/btmp, ss shows process info)
Use sudo only when you need the privileged checks, and treat generated output as sensitive system-administration data.
Users have less provenance information for deciding whether to trust the script, especially if they plan to run it with elevated privileges.
The registry metadata does not provide a source repository or homepage for provenance, although the provided artifacts include the visible script and no external install step.
Source: unknown; Homepage: none
Inspect the bundled script before use and avoid running it with sudo unless you are comfortable with its local audit commands.
