ClawKit Reliability Toolkit
Official Verified developer tools Safety 4/5

ants-openclaw-security-audit

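Audits the security configuration and runtime exposure surface of a local openclaw installation. Used to check, verify, explain, and summarize openclaw-related security settings on the current machine or sandbox, including proxy configuration, sandbox configuration, Docker port exposure, gateway checks, file permissions, workspace symlink risks, local listening ports, and the overall local security posture.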

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/asantssec/ants-openclaw-security-audit

What This Skill Does

The ants-openclaw-security-audit skill is a comprehensive security diagnostic tool designed for local OpenClaw deployments, sandboxed environments, and development workspaces. It functions as an automated auditor that inspects, verifies, and summarizes the security posture of your environment. By scanning critical areas like Docker port exposures, filesystem permissions, workspace symlinks, and configuration files, this skill helps users identify vulnerabilities before they can be exploited.

It performs a structured audit by checking sensitive configuration parameters (audit_openclaw_config, audit_sandbox_config, audit_proxy) and system-level runtime security (check_docker_ports, scan_ports, check_gateway, check_file_permissions). The skill doesn't just list technical findings; it translates them into actionable conclusions, including risk levels and specific remediation steps, ensuring that even non-security experts can understand the threats and apply fixes.

Installation

To install this skill, run the following command in your terminal: clawhub install openclaw/skills/skills/asantssec/ants-openclaw-security-audit

Use Cases

  • Post-Deployment Audit: Verify that your newly deployed OpenClaw instance is properly isolated from the host machine.
  • Sandbox Hardening: Evaluate whether your sandboxed workspace configuration effectively restricts file access and network exposure.
  • Incident Investigation: Rapidly scan for unauthorized port bindings or unexpected symlinks that might allow path traversal attacks.
  • Security Compliance: Perform routine health checks to ensure your local OpenClaw development environment follows security best practices.

Example Prompts

  1. "Perform a full security audit of my current OpenClaw deployment and list all risks."
  2. "Check if there are any dangerous Docker port bindings or unauthorized network services running on my local machine."
  3. "Evaluate the safety of my sandbox configuration and verify if my workspace symlinks are secure."

Tips & Limitations

  • Minimalism: If you have a specific concern (e.g., ports), ask about that specific area first to trigger the most relevant checks efficiently.
  • No Guarantees: This skill cannot guarantee a perfectly secure environment. It checks for known common risks and misconfigurations; it is not a replacement for comprehensive manual penetration testing.
  • Transparency: The tool will clearly state if an audit was limited due to permission issues or missing files. Never assume a system is safe just because a specific scan passed; always look at the 'Limitations' section of the report.
  • Execution: Ensure the agent has sufficient system permissions if you want it to scan protected file directories or network configurations.

Metadata

Author: @asantssec
Stars: 4473
Views: 0
Updated: 2026-05-01

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-asantssec-ants-openclaw-security-audit": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags(AI)

#security #audit #openclaw #compliance #hardening
Safety Score: 4/5

Flags: file-read, network-access