Official Verified
security-scanner
Run a comprehensive local security scan on your OpenClaw installation. Checks config, network exposure, credentials, OS hardening, and agent guardrails. Scores your setup and offers auto-fixes. Everything stays local — no data leaves your machine.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/jkahn-tr/openclaw-security-scanner
Security Scanner
Run a local security assessment on any OpenClaw installation.
Usage
The skill provides a bash script that scans your OpenClaw setup and reports findings with severity levels.
Quick scan (read-only)
bash "$(dirname "$0")/oc-security-scan.sh"
Auto-fix issues
bash "$(dirname "$0")/oc-security-scan.sh" --fix
Save a report
bash "$(dirname "$0")/oc-security-scan.sh" --report
JSON output
bash "$(dirname "$0")/oc-security-scan.sh" --json
What It Checks
- OpenClaw Configuration — bind address, token strength, config permissions, exec security mode
- Network Exposure — listening ports, firewall status, public interface exposure
- Credential Hygiene — plaintext secrets, file permissions, .gitignore patterns
- OS Hardening — disk encryption, auto-updates, OS version, root usage
- Agent Guardrails — RULES.md, memory file permissions, safety constraints
Output
Color-coded terminal output with severity levels:
- 🔴 CRITICAL — immediate action required
- 🟡 WARNING — should be addressed
- 🟢 PASS — looks good
- ⚪ INFO — informational
Ends with a security score out of 100 (A-F grade).
Security Philosophy
- Local only — zero external network calls, nothing phones home
- Read-only by default — only modifies files when --fix is explicitly passed
- Owner-operated — designed to be run by the OpenClaw owner on their own machine
- No dependencies — standard Unix tools + openclaw CLI only
Add to Configuration
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-jkahn-tr-openclaw-security-scanner": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Safety Note
ClawKit audits metadata but not runtime behavior. Use with caution.