ClawKit Reliability Toolkit
Official | Verified | Category: developer tools | Safety 4/5

SX-security-audit

A comprehensive security audit skill. It checks file permissions, environment variables, dependency vulnerabilities, configuration files, network ports, Git security, shell security, macOS security, secret detection, and more. It supports CLI arguments, JSON output, and a configuration file. Use this skill when the user asks for a "security check", "vulnerability scan", "permission check", or "security audit".


Install via CLI (Recommended)

clawhub install openclaw/skills/skills/13256659129/sx-security-audit-1-0-0

What This Skill Does

The SX-security-audit skill is a security scanner for OpenClaw users that audits development and production environments in several layers: file permissions, environment variables, dependencies, network configuration, and source code. It also covers Git security, shell history, and macOS-specific system integrity settings (SIP, Gatekeeper), and reports its findings as actionable items about the state of the host and the repository.
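
The permission layer of such an audit, as an added example written for this page (it is not the skill's own code and does not reflect its report format): the check walks a directory tree, flags world-writable entries, and flags private material under .ssh or with well-known sensitive names (an assumed list) whose mode grants any access to group or other. The sample tree is constructed in a temporary directory so the check runs offline.

```python
"""Added example for this page, not the SX-security-audit skill's own code.
Flags world-writable entries and private files readable by group/other."""
import os
import stat
import tempfile
from pathlib import Path

# Files that should be owner-only (0600/0700). Assumed list for the example.
PRIVATE_NAMES = {"id_rsa", "id_ed25519", "authorized_keys", ".env", "credentials"}


def audit_permissions(root):
    """Walk root and return a sorted list of (relative_path, issue) tuples."""
    findings = []
    root = Path(root)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            p = Path(dirpath) / name
            try:
                st = p.lstat()
            except OSError:
                continue  # vanished or unreadable entry; skip rather than abort the audit
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes are not meaningful; the target is audited on its own
            mode = stat.S_IMODE(st.st_mode)
            rel = str(p.relative_to(root))
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            # Anything under .ssh, or with a sensitive name, must not grant group/other bits.
            if (p.parent.name == ".ssh" or name in PRIVATE_NAMES) and mode & 0o077:
                findings.append((rel, f"private file readable by group/other (mode {mode:o})"))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample: one correct key, one exposed key, one world-writable script."""
    base = Path(tempfile.mkdtemp(prefix="perm-audit-"))
    ssh = base / ".ssh"
    ssh.mkdir(mode=0o700)
    (ssh / "id_ed25519").write_text("-----BEGIN OPENSSH PRIVATE KEY-----\n")
    os.chmod(ssh / "id_ed25519", 0o600)  # correct
    (ssh / "id_rsa").write_text("-----BEGIN OPENSSH PRIVATE KEY-----\n")
    os.chmod(ssh / "id_rsa", 0o644)  # exposed to group and other
    (base / "deploy.sh").write_text("#!/bin/sh\necho deploy\n")
    os.chmod(base / "deploy.sh", 0o777)  # world-writable: anyone can alter what gets deployed
    (base / "README.md").write_text("ok\n")
    os.chmod(base / "README.md", 0o644)  # normal, not flagged
    return base


if __name__ == "__main__":
    for path, issue in audit_permissions(build_sample_tree()):
        print(f"{path}: {issue}")
```

Run against a real checkout the same walk applies unchanged; the sensitive-name list is the part to tune per project, since a key file renamed to something unusual would only be caught by its location under .ssh.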

The scanning engine detects hardcoded API keys (AWS, Slack, OpenAI, etc.) by pattern matching, flags insecure shell commands, and reports high-entropy strings that may be secrets. For supply-chain coverage it runs npm audit against project dependencies, and it checks configuration against custom policies defined in a .security-audit.json file. Reports can be produced as JSON or Markdown and dispatched automatically to Feishu for team visibility.

Installation

To install this skill, run the following command in your terminal: clawhub install openclaw/skills/skills/13256659129/sx-security-audit-1-0-0

Use Cases

  • Pre-deployment Check: Verify your repository for leaked secrets and insecure dependencies before pushing to production.
  • System Hardening: Audit existing workspace permissions and network ports to ensure no services are unnecessarily exposed to the outside world.
  • Incident Response: Quickly review environment variables and shell histories if you suspect an environment has been compromised.
  • Continuous Monitoring: Schedule audits as part of your CI/CD pipeline to maintain compliance and secure coding practices across team members.

Example Prompts

  1. "Perform a full system security audit and summarize the high-risk findings."
  2. "Check for any hardcoded keys or insecure file permissions in this project directory."
  3. "Run a security scan on my dependencies and network ports, then send the results to my Feishu webhook."

Tips & Limitations

  • Configuration: Use a .security-audit.json file in your project root to exclude noisy folders such as node_modules or dist; this speeds up the scan and reduces false positives from vendored code.
  • Permissions: Grant the tool read access to the directories it must inspect (for example .ssh and system configuration files) rather than running the whole agent with elevated privileges; a scanner that reads keys only needs to read them.
  • macOS Limitations: System-level checks such as SIP or Gatekeeper status only work when the audit runs on macOS; on other platforms they are skipped.
  • Secret Detection: The regex and entropy checks both produce false positives (test fixtures, checksums, benign high-entropy strings), so review the results manually before acting on them.
  • Reporting: A report that lists detected secrets may carry the matched values; check what the report contains before dispatching it to a shared Feishu channel.
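
Secret detection of the kind described in the overview and in the tip above combines fixed provider patterns with an entropy pass, and the entropy pass is where most false positives come from. The following is an added example, not the skill's own detector: the regexes, the threshold of 4.5 bits per character, the hex-digest exclusion and the placeholder list are assumptions chosen for illustration, and the sample lines are constructed (the AWS value is the example key from AWS's own documentation, not a live credential).

```python
"""Added example for this page, not the SX-security-audit skill's own detector.
Patterns, threshold and placeholder list are assumptions for illustration."""
import math
import re

# Provider-specific prefixes (assumed, simplified; real scanners carry far larger sets).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
    "slack_token": re.compile(r"\bxox[abprs]-[A-Za-z0-9-]{10,}\b"),
    "openai_key": re.compile(r"\bsk-[A-Za-z0-9]{20,}\b"),
}
# Candidate tokens for the entropy pass: 20+ chars of base64/identifier alphabet.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/_\-]{20,}")
# Substrings that mark obvious placeholders rather than live credentials (assumed list).
PLACEHOLDER_MARKERS = ("example", "changeme", "your_", "xxxx", "placeholder")
ENTROPY_THRESHOLD = 4.5  # bits per character; assumed tuning value


def shannon_entropy(s):
    """Bits of entropy per character; 0.0 for a single repeated character."""
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def scan_line(line):
    """Return [(kind, token, method)] for one line: pattern hits first, then entropy hits."""
    findings = []
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(line):
            findings.append((kind, m.group(0), "pattern"))
    already = {tok for _, tok, _ in findings}
    for m in TOKEN_RE.finditer(line):
        tok = m.group(0)
        if tok in already:
            continue  # already reported by a high-confidence pattern
        if re.fullmatch(r"[0-9a-fA-F]+", tok):
            continue  # hex digests (commit SHAs, checksums) max out at 4 bits/char
        if any(marker in tok.lower() for marker in PLACEHOLDER_MARKERS):
            continue  # documented placeholder, not a credential
        if shannon_entropy(tok) >= ENTROPY_THRESHOLD:
            findings.append(("high_entropy", tok, "entropy"))
    return findings


def scan_lines(lines):
    """Scan lines; return [(line_no, kind, token, method)] with 1-based line numbers."""
    return [(i, *f) for i, line in enumerate(lines, 1) for f in scan_line(line)]


# Constructed sample input. The AWS value is the example key from AWS's documentation.
SAMPLE_LINES = [
    "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",           # pattern hit
    "SLACK_TOKEN=xoxb-not-a-real-token-000000000000",   # pattern hit
    "DB_PASSWORD=aB3dE5fG7hI9jK1lM2nO4pQ6rS8tU0vW",     # 32 distinct chars: entropy hit
    "COMMIT=3f786850e387550fdab836ed7e6dc881de23001b",  # hex digest: excluded
    "API_KEY=your_api_key_goes_here_please_change",     # placeholder: excluded
    "PADDING=ZZZZZZZZZZZZZZZZZZZZZZZZZZZZ",              # zero entropy: below threshold
]

if __name__ == "__main__":
    for line_no, kind, token, method in scan_lines(SAMPLE_LINES):
        print(f"line {line_no}: {kind} via {method}: {token}")
```

The hex exclusion is strictly redundant with a 4.5-bit threshold (a hex string cannot exceed 4 bits per character), but stating it explicitly keeps digests out if the threshold is later lowered, and it documents the most common benign high-entropy class a reviewer will otherwise spend time dismissing.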

Metadata

Stars: 4473
Views: 0
Updated: 2026-05-01
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-13256659129-sx-security-audit-1-0-0": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags (AI)

#security #audit #cybersecurity #vulnerability-scanner #devsecops
Safety Score: 4/5

Flags: file-read, network-access, code-execution