MH healthcheck
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only host-hardening skill is coherent and approval-oriented, but users should notice that it guides local security inspection and may propose high-impact system changes.
This skill appears suitable for a user-directed security audit. Before installing or using it, be prepared for the agent to inspect local host security settings, and do not approve firewall, SSH, update, or OpenClaw fix actions unless the proposed commands, access impact, and rollback plan are clear.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may inspect local OS, network listening ports, firewall state, backup status, and related security settings.
The skill authorizes the agent to run local host-inspection commands after a single read-only permission prompt. This is appropriate for a security audit but still expands the agent's operational reach into local system diagnostics.
First ask once for permission to run read-only checks. If granted, run them by default ... Listening ports: ... Firewall status: ... Backups
Grant read-only checks only if you are comfortable sharing local security posture with the agent, and review command output before approving any changes.
If run with administrator privileges, approved hardening steps could materially change host configuration or access behavior.
The workflow includes assessing whether the agent is operating with administrative privileges. That is relevant to host hardening, but admin context can make later actions higher impact.
Determine ... Privilege level (root/admin vs user).
Use the least privilege needed for assessment, and only elevate privileges for specific, reviewed remediation steps.
Firewall or SSH changes could lock out remote users if applied incorrectly.
The skill acknowledges that host hardening, especially remote-access changes, can affect availability. The visible instructions include safeguards, making this a managed note rather than a concern.
Do not modify remote access settings without confirming how the user connects. Prefer reversible, staged changes with a rollback plan.
Before approving remote-access or firewall changes, confirm your current access method and keep a rollback or console-access plan available.