dont-hack-me
別駭我!基本安全檢測 — Security self-check for Clawdbot/Moltbot. Run a quick audit of your clawdbot.json to catch dangerous misconfigurations — exposed gateway, missing auth, open DM policy, weak tokens, loose file permissions. Auto-fix included. Invoke: "run a security check" or "幫我做安全檢查".
Why use this skill?
Secure your Clawdbot or Moltbot agent with the dont-hack-me skill. Instantly audit your gateway settings, auth modes, and channel policies for critical vulnerabilities.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/peterokase42/dont-hack-meWhat This Skill Does
dont-hack-me is a vital security-focused diagnostic skill designed specifically for Clawdbot and Moltbot users. It functions as an automated internal auditor that scans your configuration files to ensure your agent isn't accidentally exposed to malicious actors. By reading your ~/.clawdbot/clawdbot.json file, the skill evaluates your gateway settings, authentication protocols, and channel policies against a strict checklist of industry-standard security best practices. It flags dangerous configurations—such as open network ports, missing authentication, or permissive direct messaging settings—and provides a clear PASS/FAIL/WARN report. This helps you identify vulnerabilities before they can be exploited.
Installation
To integrate this security auditor into your OpenClaw environment, execute the following command in your terminal:
clawhub install openclaw/skills/skills/peterokase42/dont-hack-me
Once installed, the skill resides within your local agent environment and is ready to be invoked immediately without further setup.
Use Cases
This skill is essential for any developer or power user deploying an agent on a server or a networked device. It is particularly useful when:
- You are setting up a new agent for the first time and want to ensure you haven't left default "insecure" settings active.
- You have migrated your agent to a public-facing cloud server and need to confirm that your gateway is properly bound to localhost.
- You want a periodic "health check" to ensure your group and channel policies remain restrictive as your agent's functionality evolves.
- You are debugging unexpected agent behavior and want to rule out unauthorized access as a root cause.
Example Prompts
- "run a security check"
- "audit my clawdbot config"
- "am I secure?"
Tips & Limitations
- Permissions: Ensure the agent has read access to its own configuration directory. If the agent cannot read the JSON, it cannot audit it.
- Scope: This skill only checks the clawdbot.json file and does not inspect the underlying operating system firewall settings (like ufw or iptables). Always ensure your OS-level firewall is configured to block unauthorized traffic.
- Manual Intervention: While the tool identifies issues, it primarily provides visibility. Always review your configuration changes manually after an audit to ensure business logic requirements are still met alongside security best practices. Never rely solely on an automated script for full infrastructure security.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-peterokase42-dont-hack-me": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: file-read