daily-security-check
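OpenClaw daily security check skill. It works through a fixed checklist (gateway loopback, firewall reminders, API keys kept in .env, SOUL.md security rules, authentication anomalies), runs openclaw security audit and openclaw doctor, and outputs a short report with a 0–10 security score. It can be triggered on a schedule by cron, and the results can be delivered to Telegram and similar channels. Use when user says "安全巡检", "daily-security-check", or "执行每日安全巡检".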
Why use this skill?
Automate your daily OpenClaw security checks. Receive structured audits, risk scores, and actionable reports to keep your agent environment secure.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/goldwish1/daily-security-check
What This Skill Does
The daily-security-check skill acts as an automated, non-intrusive security auditor for your OpenClaw environment. It ensures that your system adheres to hardened security practices by performing a multi-layered verification process. The skill systematically checks for exposed gateway loopback interfaces, identifies potential firewall warnings, confirms that sensitive API keys are shielded within .env files rather than hardcoded, and validates the integrity of SOUL.md security rules. Beyond configuration checks, it triggers the built-in openclaw security audit and openclaw doctor tools to provide a professional-grade analysis of your current deployment. The final output is a structured, concise security report containing a 0–10 risk score and actionable remediation steps, which is automatically saved to workspace/docs/security-audit/ for historical tracking.
Installation
To integrate this security monitoring capability into your OpenClaw setup, execute the following command in your terminal:
clawhub install openclaw/skills/skills/goldwish1/daily-security-check
Once installed, ensure your environment variables are configured correctly, especially if you utilize a custom OPENCLAW_STATE_DIR, to allow the auditor to access the necessary system files.
Use Cases
- Automated Routine Checks: Schedule this skill via cron to run every 24 hours. The silent, non-interactive execution mode ensures you receive a high-level summary (perfect for Telegram/Feishu integration) without interrupting agent workflows.
- Pre-Deployment Audits: Run this before pushing new environment configurations to ensure no security best practices were accidentally bypassed during the development process.
- Incident Response: When suspecting configuration drift or potential unauthorized access, use this to generate a baseline audit report to compare against previous healthy states.
Example Prompts
- "安全巡检" (security check)
- "执行每日安全巡检,并将结果生成到报告文档中。" (run the daily security check and write the results to a report document)
- "daily-security-check"
Tips & Limitations
- Read-Only Safety: The skill is strictly designed for reporting. It does not auto-apply fixes. If openclaw doctor reports issues, you must manually run openclaw doctor --fix after reviewing the generated report.
- Data Privacy: The skill is programmed to sanitize its output. It will never expose raw API keys, secrets, or passwords in the generated markdown report, ensuring that even if your security logs are shared, your credentials remain safe.
- Report Constraints: Keep your audits between 300-600 words to ensure optimal compatibility with messaging platforms like Telegram. If the audit identifies critical vulnerabilities, prioritize these in the 'To-Do' section of the report output.
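The following is an added example, not the skill's own code: one way a check for API keys outside .env can list its findings while keeping the raw values out of the report, as the Data Privacy tip describes. The regex heuristic, the file names and the variable names OPENCLAW_API_KEY and TELEGRAM_TOKEN are assumptions, and the token is a constructed sample.

```python
import re
import tempfile
from pathlib import Path

# Assumed heuristic: a secret-looking name assigned a quoted literal of 12+ chars.
ASSIGN = re.compile(
    r"""\b(\w*(?:API_?KEY|TOKEN|SECRET|PASSWORD))["']?\s*[:=]\s*["']([^"'\s]{12,})["']""",
    re.IGNORECASE,
)
SAMPLE_TOKEN = "CONSTRUCTED-not-a-real-token-0001"  # constructed sample value


def redact(value: str) -> str:
    """Report only the length, never any part of the secret itself."""
    return f"<redacted, {len(value)} chars>"


def scan(root: Path) -> list[dict]:
    """Find literal secrets in any file other than .env; values are redacted at capture."""
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file() and p.name != ".env"):
        lines = path.read_text(errors="ignore").splitlines()
        for lineno, line in enumerate(lines, 1):
            for name, value in ASSIGN.findall(line):
                findings.append({"file": path.relative_to(root).as_posix(),
                                 "line": lineno, "name": name, "value": redact(value)})
    return findings


def render(findings: list[dict]) -> str:
    """Markdown fragment for the report's to-do section."""
    if not findings:
        return "- API keys: OK, no literal secrets outside .env"
    return "\n".join(f"- {f['file']}:{f['line']} hardcodes {f['name']} {f['value']}; move it to .env"
                     for f in findings)


def demo() -> str:
    """Run the scan over a constructed workspace and return the report text."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / ".env").write_text(f'TELEGRAM_TOKEN="{SAMPLE_TOKEN}"\n')  # allowed location
        (root / "config.py").write_text(
            'import os\n'
            'API_KEY = os.environ["OPENCLAW_API_KEY"]\n'  # env lookup: not a finding
            f'TELEGRAM_TOKEN = "{SAMPLE_TOKEN}"\n'         # hardcoded literal: finding
        )
        return render(scan(root))


if __name__ == "__main__":
    print(demo())
```

Redacting at capture time, rather than when the report is rendered, means the raw value never sits in the findings list that later gets written to disk or sent to a chat channel.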
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-goldwish1-daily-security-check": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags(AI)
Flags: file-read, file-write, code-execution