ClawHub

Abaddon

Red team security mode for OpenClaw. Runs an adversarial audit on demand or nightly — checks exposed ports, credential leaks, file permissions, suspicious processes, and OpenClaw config posture. Assigns a letter grade. Built for macOS deployments.

Audits

Warn
ClawScanWarn

Agentic behavior and permission review.

Static analysisPending

Pattern checks against bundled files.

VirusTotalPass

Multi-engine malware detections and file reputation.

Install

openclaw skills install abaddon

Abaddon ⚔️

Most security audits are defensive — they check what you've locked down. Abaddon runs the other direction. It thinks like an attacker. It looks for what an adversary would find, not just what you remember to check.

On demand or every night at 3:45 AM. Letter grade every time.

What It Checks

Network & Exposure

  • Listening ports — anything bound to 0.0.0.0 is flagged
  • Gateway binding — should be loopback only
  • SSH Remote Login state
  • Active tunnels (ngrok, cloudflared, unexpected remote access)
  • Firewall and stealth mode

System Integrity

  • SIP, FileVault, Gatekeeper
  • macOS version + pending updates
  • XProtect / MRT definitions age

OpenClaw Configuration

  • Exec security mode (full / allowlist / deny)
  • Gateway auth enabled?
  • Unexpected cron entries
  • Unexpected plugins

File Permissions

  • SOUL.md + AGENTS.md: root-owned, 444
  • MEMORY.md, USER.md, AGENT_PROMPT.md, openclaw.json, cron/jobs.json, LaunchAgent plists: 600
  • Flags anything 644 or wider on sensitive paths
  • Plaintext key scan across workspace

API Key Handling

  • Keys in Keychain or flat files?
  • Keys leaking through env vars?
  • Secrets in git history?
  • Hardcoded tokens in .zshrc?

Agent Behavior

  • Memory injection scan (prompt injection attempts in memory files)
  • Sub-agent scope check
  • Unexpected agent permissions

Dependencies

  • Homebrew outdated (flags openclaw, ollama, node)
  • npm global outdated

Scoring

GradeCriteria
A0 CRITICAL, 0 HIGH
B0 CRITICAL, 1–2 HIGH
C1 CRITICAL or 3+ HIGH
D2+ CRITICAL
FActive compromise indicators

Installation

Step 1 — Copy the Abaddon prompt into your agent

If you have Gideon (the OpenClaw observer agent), append the red team section:

cat skills/abaddon/templates/abaddon-prompt.md >> ~/.openclaw/workspace/agents/observer/AGENT_PROMPT.md

If you don't have Gideon, use the standalone agent prompt:

cp skills/abaddon/templates/abaddon-prompt.md ~/.openclaw/workspace/agents/abaddon/AGENT_PROMPT.md

Step 2 — Add the nightly cron

bash skills/abaddon/setup/cron-seed.sh

This adds a 3:45 AM CST cron job to ~/.openclaw/cron/jobs.json. Delivers to Telegram Security topic if configured.

Step 3 — Lock the agent prompt

chmod 600 ~/.openclaw/workspace/agents/observer/AGENT_PROMPT.md

Your detection playbook should never be world-readable.

Usage

Manual trigger — say any of:

  • "run red team"
  • "run Abaddon"
  • "run full assessment"
  • "Abaddon report"

Nightly — fires automatically at 3:45 AM CST after the standard defensive audit (3:30 AM).

Output

Every run produces two things:

  1. Technical reportmemory/audits/abaddon-YYYY-MM-DD.md — full command output, evidence, remediation steps
  2. Summary → posted to Telegram Security topic with letter grade

CRITICAL findings trigger an immediate DM alert.

Notes

  • Designed for macOS (Darwin arm64). Most checks work on Linux with minor path adjustments.
  • Assumes OpenClaw gateway is running locally. Remote deployments may need adjusted port/binding checks.
  • Pairs with enoch-tuning — run lock-identity.sh after install to enforce all file permission baselines in one pass.