Official Verified system Safety 4/5

openclaw-security-check

Security self-check for OpenClaw deployments. Audits openclaw.json config and host security in one pass: gateway exposure, auth mode, token strength, channel DM/group policies, file permissions, plaintext secrets, host firewall, SSH hardening, and exposed ports. Outputs a 10-item PASS/WARN/FAIL report with optional auto-fix. Use when: user asks "run a security check", "am I secure?", "audit my config", "check security settings", or on periodic heartbeat/cron. Complements the built-in healthcheck skill (OS-level hardening workflow) with a fast, focused config-and-host audit.

Why use this skill?

Perform a comprehensive 10-point security audit of your OpenClaw deployment and host settings. Identify vulnerabilities, check configuration, and apply automated fixes.

What This Skill Does

The openclaw-security-check skill is an essential diagnostic utility for OpenClaw deployments, providing a comprehensive 10-point audit of both your application configuration and the underlying host environment. It evaluates critical security vectors including gateway binding, authentication modes, token entropy, communication channel policies, and system-level hardening. Unlike generic system scanners, this skill understands the specific nuances of the openclaw.json configuration file, ensuring that your agent is not exposed to common misconfigurations like insecure gateway binding (0.0.0.0) or permissive channel access control. The skill provides a clear PASS/WARN/FAIL report and includes integrated fix recipes, allowing you to remediate vulnerabilities efficiently while maintaining control over the changes applied to your system.

Installation

To integrate this skill into your environment, use the OpenClaw command-line interface provided in the primary distribution. Ensure your environment has the necessary permissions to read configuration files and execute system security commands. Execute the following command in your terminal:

clawhub install openclaw/skills/skills/guoqunabc/openclaw-security-check

Once installed, the agent will have the ability to read your configuration file and perform diagnostic checks on host services like UFW, SSH, and network port availability.

Use Cases

This skill is designed for system administrators and developers who need to ensure their OpenClaw instances adhere to security best practices. Ideal for periodic infrastructure audits, the skill helps teams demonstrate compliance with secure deployment standards. It is particularly useful during initial setup to prevent configuration drift, or after updates when security defaults might have changed. Automated monitoring setups can leverage this skill as part of a heartbeat check to alert administrators via internal messaging if the security posture degrades.

Example Prompts

  1. "Run a security check on my current setup and show me a report."
  2. "Audit my openclaw.json config and tell me if I have any security vulnerabilities."
  3. "Am I secure? Please check my host settings and configuration for risks."

Tips & Limitations

Always review the report before applying any auto-fixes, especially those related to firewall configurations or SSH hardening. The skill cannot automatically resolve all issues; in particular, identifying plaintext secrets requires manual review, as the agent cannot distinguish a required key from a sensitive credential. When applying hardening steps, keep an active SSH session open so that you do not lock yourself out of your server. Regular use of the '--json' flag via the CLI is recommended for integration into CI/CD pipelines or automated monitoring dashboards.

Metadata

Author: @guoqunabc
Stars: 2387
Views: 1
Updated: 2026-03-09

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-guoqunabc-openclaw-security-check": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags (AI)

#security #audit #hardening #compliance #sysadmin
Safety Score: 4/5

Flags: file-read, code-execution, network-access

Related Skills

gateway-watchdog

Monitor OpenClaw Gateway health by detecting abnormal error rates in logs. Use when: (1) setting up Gateway error monitoring, (2) diagnosing repeated API failures (429, quota, timeouts), (3) user asks about Gateway health or error trends, (4) integrating error detection into heartbeat checks. Detects rate-limiting, server errors, auth failures, network errors, and message delivery failures across all channels.

guoqunabc 2387

Feishu Doc Writing

Skill by guoqunabc

guoqunabc 2387

chat-with-l

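Chat with 小提 (Xiaoti, "L"). Xiaoti is the OpenClaw AI assistant of a friend, Kid (孙榕, Sun Rong), running at 49.232.185.232:18789. Use when: (1) the owner asks 雷姆 (Rem) to go chat with Xiaoti, pass on a message, or say hello, (2) a conversation request mentions "小提", "L", "Kid", or "孙榕".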

guoqunabc 2387

feishu-doc-editing

Performance-optimized strategies for editing Feishu (Lark) documents via OpenClaw's feishu_doc tool. Use when: (1) modifying existing Feishu documents, (2) inserting images at specific positions, (3) writing tables or structured content, (4) any multi-block document editing task, (5) writing long documents that may hit API size limits. Provides concrete patterns to minimize API calls and maximize editing speed while preserving existing formatting. Covers: parallel operations, positioned image insertion, large document chunking, rate-limit handling, rich-text preservation, and conflict avoidance. Complements the built-in feishu-doc skill (API reference) with operational best practices.

guoqunabc 2387

browser-zombie-cleaner

Detect and clean up zombie browser processes left by OpenClaw's browser tool. When the OpenClaw Gateway restarts, Playwright-launched browser processes get orphaned and accumulate memory. This skill identifies them safely and optionally terminates them. Use when: memory is high, browser processes are piling up, or as part of periodic health checks.

guoqunabc 2387