securityvitals

What This Skill Does

The securityvitals skill, frequently referred to as ClawVitals, serves as a specialized diagnostic tool designed for self-hosted OpenClaw environments. It performs a comprehensive security audit of your installation by evaluating 6 stable security controls and 6 experimental controls. The output is a clear, actionable RAG (Red-Amber-Green) status report that identifies vulnerabilities and provides specific remediation steps to improve the overall security posture of your agent infrastructure.

This skill is built for system administrators and power users who require a high-level overview of their instance's health without constantly diving into raw log files. It aggregates data from critical system commands—including security audits, health checks, versioning, and node status—and distills them into a human-readable format.

Installation

To add this skill to your OpenClaw agent, execute the following command in your terminal or messaging surface:

clawhub install openclaw/skills/skills/bk-cm/securityvitals

Ensure that you have sufficient permissions to modify your local skill registry before proceeding. Once installed, the skill resides within your local environment and will be immediately available for invocation.

Use Cases

• Routine Security Hardening: Integrate this into your weekly maintenance routine to ensure your self-hosted setup hasn't drifted from recommended security configurations.
• Post-Update Verification: After performing a version upgrade, run the security scan to ensure no new misconfigurations or regressions were introduced during the update process.
• Troubleshooting Connectivity: Use the scan to quickly identify if underlying channel probes or node version incompatibilities are impacting your agent's communication stability.
• Pre-Audit Preparation: Get an immediate snapshot of your security controls before a more formal or manual audit of your server infrastructure.

Example Prompts

• "run clawvitals"
• "show clawvitals details"
• "Can you run a security scan and show me what to fix?"

Tips & Limitations

• Statelessness: The skill does not persist scan history. For recurring monitoring, visit the official clawvitals.io/plugin resource.
• Data Privacy: This skill is strictly local. It does not initiate network calls to third parties, ensuring your audit data remains within your perimeter. Note that some internal system commands (like update checks) may trigger their own native OpenClaw telemetry.
• Error Handling: If a system command fails during the data collection phase, the skill will gracefully report the specific area as 'N/A' rather than crashing or providing inaccurate, guessed information. Always verify remediation steps before applying major system changes.