clawvitals
Security vitals checker for OpenClaw. Scans your installation, scores your setup, and shows you exactly what to fix. First scan in seconds.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/bk-cm/clawvitals
What This Skill Does
ClawVitals serves as the primary security diagnostic and health-monitoring engine for self-hosted OpenClaw installations. It functions by systematically scanning your environment against a curated library of security controls specifically designed to protect AI agent workflows. By evaluating configurations ranging from authentication protocols and reverse proxy trust to version currency, ClawVitals identifies potential vulnerabilities before they can be exploited.
Beyond a single diagnostic point, it provides ongoing security posture tracking. It implements a unique scoring system (0-100) that categorizes your environment into RAG bands (Green, Amber, Red). Once configured, it shifts from manual utility to background automation: it silently monitors for regressions, ensuring that new deployments or config changes do not inadvertently introduce critical vulnerabilities. If a regression occurs, the system triggers immediate alerts, while maintaining a clean, quiet interface for stable, secure setups.
Installation
You can integrate ClawVitals into your agent environment using the following command:
clawhub install clawvitals
Alternatively, you can initialize the skill directly via your OpenClaw command interface using:
openclaw skills install clawvitals
After installation, running "run clawvitals" will initiate your first scan, providing a comprehensive audit report in less than 30 seconds.
Use Cases
- Proactive Security Auditing: Automatically verify that your deployment conforms to security best practices immediately after setup or following configuration updates.
- Continuous Monitoring: Utilize the scheduling feature to run automated daily or weekly health checks, ensuring that your agent infrastructure remains hardened against emerging threats.
- Risk Management & Compliance: Maintain a high security score by identifying and remediating "Red" status items, providing clear visibility into the security debt of your server.
- Posture Tracking: Enable optional anonymous telemetry to visualize your security trends over time via the dedicated ClawVitals dashboard, which is excellent for long-term project maintenance.
Example Prompts
- "run clawvitals"
- "show clawvitals details"
- "clawvitals schedule daily"
Tips & Limitations
- Silent Alerts: Remember that the system only alerts you when a scan fails or detects a regression. If you do not hear from ClawVitals, your system is within the acceptable security parameters.
- Scoring Logic: The tool uses a weighted deduction system. Critical issues (e.g., open groups) carry heavy penalties (-25 points), so always prioritize those in your remediation steps.
- Telemetry: If you prefer total privacy, do not enable the telemetry feature. Note that disabling telemetry means you lose access to the visual dashboard history.
- Scope: The tool is limited to the defined 6 primary scored controls and 8 experimental controls; it does not replace a comprehensive penetration test or deep-level infrastructure hardening.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-bk-cm-clawvitals": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags
Flags: file-read, data-collection
Related Skills
doctorbot-ci-validator
Stop failing in production. Validate your GitHub Actions, GitLab CI & Keep workflows offline with surgical precision. Born from Keep bounty research, perfected for agents.
arc-shield
Output sanitization for agent responses - prevents accidental secret leaks
AURA Security Scanner
Scan AI agent skills for malware, credential theft, prompt injection, and dangerous permissions before installing them
sbom-explainer
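Translates a dependency manifest or SBOM into a risk explanation that non-technical readers can follow, ordered by scope of impact; use for sbom, dependencies, risk workflows; do not use for fabricating CVE status or replacing professional vulnerability scanning.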
securityvitals
Security vitals checker for OpenClaw. Scans your installation, scores your setup, and shows you exactly what to fix. First scan in seconds.