ClawHub

ClawGears

v1.0.2

Conduct security audits for OpenClaw-based AI assistants on macOS to detect exposure risks, weak tokens, sensitive commands, and IP leaks.

0· 302·0 current·0 all-time
by@jinhanai

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jinhanai/clawgears-securityaudit.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "ClawGears" (jinhanai/clawgears-securityaudit) from ClawHub.
Skill page: https://clawhub.ai/jinhanai/clawgears-securityaudit
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install clawgears-securityaudit

ClawHub CLI

Package manager switcher

npx clawhub@latest install clawgears-securityaudit
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description (macOS OpenClaw security audit) matches the code and SKILL.md: it inspects OpenClaw config, logs, macOS TCC database, checks firewall/FileVault/SIP, tests ports, and can apply fixes. Minor inconsistency: registry metadata listed no required binaries, but SKILL.md explicitly requires macOS tools (python3, curl, lsof, pgrep/pkill, openssl, socketfilterfw). That mismatch should be corrected but does not indicate malicious intent.
Instruction Scope
Runtime instructions and bundled scripts operate within the stated audit/fix scope: reading ~/.openclaw/openclaw.json and gateway logs, querying public-IP services, checking TCC DB, running lsof/pgrep, and optionally modifying the OpenClaw config and firewall. No instructions attempt to read unrelated system secrets or contact unexpected external endpoints beyond the stated exposure checks.
Install Mechanism
There is no external install/download step; code is bundled with the skill (shell scripts). No archive downloads or obscure external installers are used. Because scripts are shipped with the skill, they will run locally when invoked — review the included scripts before execution.
Credentials
The skill requests no environment variables, which is appropriate. It does, however, read highly sensitive local artifacts (OpenClaw config which may contain tokens, TCC.db entries) and sends your public IP to openclaw.allegro.earth (and uses public IP services like api.ipify.org). Those actions are proportionate to an exposure audit but are privacy-sensitive — the SKILL.md does disclose this. Confirm you trust the external exposure service before running checks that contact it.
Persistence & Privilege
always:false and default autonomous invocation are used (normal). The skill may modify only OpenClaw config files in ~/.openclaw, create local report/history files, restart the gateway process, and request sudo for firewall changes — all are within its stated remit. It does not request system-wide persistent privileges beyond these expected actions.
Assessment
This tool appears to do what it says: check OpenClaw exposures and optionally fix configuration. Before running: 1) Review the bundled scripts (quick-check.sh and interactive-fix.sh) so you understand each change. 2) Run quick-check.sh first (read-only). 3) Be aware the audit will read ~/.openclaw/openclaw.json (may contain tokens) and macOS TCC DB; it will send your public IP to openclaw.allegro.earth and public IP services — only run those checks if you trust that external service. 4) Back up ~/.openclaw (the interactive fixer already creates backups) and ensure you can restore service if changes are applied. 5) Expect some fixes to require sudo (firewall) and the ability to restart the gateway binary. 6) Consider running in an isolated or test machine if you're uncomfortable with automatic fixes. Finally, the registry metadata should be updated to list the required binaries (python3, curl, lsof, pgrep/pkill, openssl, socketfilterfw); the mismatch is benign but worth correcting.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bnrvac9vhfkj6h8hzkcd6md82r3x5
302downloads
0stars
3versions
Updated 1mo ago
v1.0.2
MIT-0
@jinhanai
latest
Download

ClawGears Security Audit Skill

Overview

ClawGears is a security audit tool for OpenClaw/MoltBot/ClawdBot users on macOS. It helps detect and fix security vulnerabilities that could expose your AI assistant to the public internet.

🌟 New in v1.4.0: Context-Aware Risk Explanations

Instead of one-size-fits-all "best practices", ClawGears now provides scenario-based risk analysis:

  • Each check explains what it protects and real impact by scenario
  • Recommendations are graded: 🔴必须 / 🟠建议 / 🟡可选 / ⚪评估后决定
  • Legitimate reasons to not fix are acknowledged
  • Alternative compensating measures are suggested

Use this skill when:

  • User asks about OpenClaw security
  • User wants to check if their AI assistant is exposed
  • User mentions "裸奔" (Chinese), "むき出し" (Japanese), "expuesto" (Spanish) or security concerns
  • User wants to audit their OpenClaw configuration
  • User asks about IP leak detection

Supported Languages: ClawGears README is available in 7 languages:

  • 🇬🇧 English | 🇨🇳 中文 | 🇩🇪 Deutsch | 🇫🇷 Français | 🇮🇹 Italiano | 🇯🇵 日本語 | 🇪🇸 Español

⚠️ Requirements & Dependencies

System Binaries Required

BinaryPurpose
python3JSON parsing
curlHTTP requests, IP detection
lsofPort and process inspection
pgrep / pkillProcess management
opensslToken generation
socketfilterfwmacOS firewall control (/usr/libexec/ApplicationFirewall/socketfilterfw)

Platform

  • macOS only - Uses macOS-specific tools and paths

📁 Files Accessed

Read Operations

PathPurpose
~/.openclaw/openclaw.jsonOpenClaw configuration (token, gateway settings)
~/.openclaw/logs/Gateway logs for anomaly detection
/Library/Application Support/com.apple.TCC/TCC.dbmacOS TCC database (Full Disk Access, Accessibility)
~/Library/Application Support/com.apple.TCC/TCC.dbUser-level TCC database

Write Operations

PathPurpose
./history/Audit result storage (JSON, HTML reports)
./reports/Generated audit reports
~/.openclaw/openclaw.jsonConfiguration fixes (with --fix flag only)

🌐 Network Calls

External Services (IP Detection)

DomainPurposeData Sent
api.ipify.orgPublic IP detectionNone (GET request)
icanhazip.comPublic IP detection (fallback)None
ifconfig.me/ipPublic IP detection (fallback)None

External Services (Leak Detection)

DomainPurposeData Sent
openclaw.allegro.earthOpenClaw exposure database checkYour public IP
search.censys.ioCensys scan database (link only, manual check)None from script
www.shodan.ioShodan scan database (link only, manual check)None from script

🔐 Privacy Notice

Before running this skill, please be aware:

  1. IP Transmission: Your public IP address will be sent to:

    • api.ipify.org (or fallback services) for IP detection
    • openclaw.allegro.earth for exposure database check

  2. Local File Access: This skill reads:

    • Your OpenClaw configuration (including tokens)
    • macOS TCC permission database
    • Gateway logs

  3. System Changes: The interactive-fix.sh script can:

    • Modify OpenClaw configuration
    • Generate new tokens
    • Restart Gateway service
    • Require sudo for firewall changes

  4. Recommendation: Review scripts before running. Run quick-check.sh first (read-only) before applying any fixes.

Security Risks Explained

Use this section to understand each risk, its actual impact, and whether it applies to your situation.

RiskWhat It ProtectsReal ImpactFix Priority
Gateway exposedPrevent unauthorized access to your AI assistant🔴 Critical - Anyone on the internet can control your AI. Fix immediately if exposed.Weak token
    - ✅ **Enable** if Mac is portable or in shared spaces
    - ⚠️ **OK to disable** if you need **remote restart control** (e.g., for Mac-to-Mac sync)
    - If disabled, consider physical security measures instead
| **IP in leak database** | Check if already exposed | 🟠 **High** - Your IP is in a public exposure database. **Check before panicking:**
    - If you've been using OpenClaw for a while without issues, it IP may have been indexed already.
    - If you just started, use the tool: do a quick check and not a leak.
| **iCloud sync enabled** | Prevent sensitive data cloud sync | 🟡 **Low** - iCloud may sync Documents, Desktop, Pictures by default. **Evaluate based on your needs:**
    - ✅ **Enable** if you store sensitive data in these folders
    - ⚠️ **OK to disable** if you don't store sensitive data in these locations
    - If disabled, consider using .gitignore for excluding patterns
| **SIP disabled** | Protect system integrity | 🟡 **Low** - System-level protections are reduced. **Usually OK to keep enabled, - Only disable if you have a specific, legitimate reason (e.g., development, testing)
- If disabled, be extra cautious about what you install

Quick Security Check

Run a fast 5-second security audit (read-only, safe to run):

./scripts/quick-check.sh

This checks:

  1. Gateway network exposure
  2. Token strength
  3. Command injection protection
  4. TCC permissions
  5. Firewall status

Full Security Audit

Run comprehensive security check:

./scripts/generate-report.sh --format html --output ./reports

IP Leak Detection

Check if user's IP has been exposed in security databases:

./scripts/ip-leak-check.sh --all

Checks 3 databases:

Interactive Fix

⚠️ Requires explicit user consent before running

Automatically fix common security issues:

./scripts/interactive-fix.sh

Options:

  • --bind - Rebind Gateway to localhost
  • --token - Generate new strong token
  • --deny - Add sensitive commands to deny list
  • --restart - Restart Gateway service
  • --all - Fix all issues

Workflow

When user asks about security:

  1. First, run quick check to identify issues (read-only):

    ./scripts/quick-check.sh

  2. If issues found, explain risks and ask for consent before fixing:

    ./scripts/interactive-fix.sh --all

  3. Check IP exposure:

    ./scripts/ip-leak-check.sh --all

  4. Generate report for records:

    ./scripts/generate-report.sh --format html

Output Interpretation

Quick Check Results

SymbolMeaning
✅ PASSSecurity check passed
⚠️ WARNWarning, review recommended
❌ FAILCritical issue, fix immediately

IP Leak Results

ResultAction
IP NOT in databaseContinue monitoring
IP FOUND in databaseURGENT: Close public access, regenerate tokens

Important Reminders

  1. Always recommend running quick check first (read-only, safe)
  2. Explain risks in plain language before fixing
  3. Ask for explicit consent before running interactive-fix.sh
  4. Suggest periodic checks (weekly or after config changes)
  5. Warn about the 220,000+ exposed OpenClaw instances

Statistics

Over 220,000 OpenClaw instances are publicly exposed. Many API keys have already leaked to hacker databases.

Related Links

License

MIT-0 (ClawHub Platform License)

Comments

Loading comments...