OpenClaw Security Audit

v1.1.0

Scan your OpenClaw configuration for security risks and harden it with guided fixes. Supports three hardening levels. Use when asked to "security check", "安全...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name and description match the behavior in SKILL.md: it reads ~/.openclaw/openclaw.json, checks gateway, channels, agents, permissions, sandboxing and models, and offers hardening plans. All requested actions (read, exec, edit) are proportionate to an on-host security audit tool.
Instruction Scope
Instructions explicitly tell the agent to read the OpenClaw config and run stat on ~/.openclaw, produce a detailed report, and (per README) back up configs, edit configuration items, and restart the Gateway when applying a hardening plan. Those actions are within audit/hardening scope but are intrusive: they read sensitive config (which may contain API keys) and may publish full config contents in the report. The SKILL.md gives broad discretion to apply changes after plan selection — ensure explicit user consent and prefer a dry-run or manual confirmation.
Install Mechanism
Instruction-only skill with no install spec and no code files. Lowest install risk; nothing is downloaded or written by an install mechanism.
Credentials
The skill requests no environment variables or external credentials, which is consistent. However, it will read local configuration files that typically contain secrets (API keys, tokens). That local access is expected for this purpose but is sensitive — treat any generated report containing config contents as exposing secrets.
Persistence & Privilege
always is false and there are no OS restrictions. The skill relies on the agent's built-in tools (read/exec/edit). Autonomous invocation is allowed by platform default (not a special privilege here). The real privilege risk is runtime: the skill instructs the agent to make on-host changes (editing configs, restarting services). This is expected for hardening, but it elevates the potential impact if misused or if the agent itself is compromised.
Assessment
This skill appears to do what it says (local OpenClaw security audit and automated hardening), but it is intrusive: it reads your OpenClaw config (which commonly contains API keys and secrets), can edit that config, back it up, and restart the Gateway. Before installing or running it, consider the following:
- Review the SKILL.md and README to confirm you understand which files will be read and changed (~/.openclaw/openclaw.json and the ~/.openclaw directory).
- Ensure the agent/process that will run the skill has least-privilege access (so edits/restarts are possible only if you intend them).
- Insist on an interactive workflow: require the agent to produce a findings report and ask for explicit user confirmation before applying any changes (prefer a dry-run first).
- Treat any generated report that contains full config contents as sensitive — do not paste it into public chats or logs. Scrub secrets (API keys, tokens) before sharing outside the host.
- If you prefer lower risk, run the checks manually (read the config and run stat yourself) or run the skill in an isolated/test environment first.

If you want a deeper assessment, provide the SKILL.md’s full unchanged text or show a sample openclaw.json (sanitized) so I can point out which specific fields the skill will access and change.

Like a lobster shell, security has layers — review code before you run it.
