🎁 Get the FREE AI Skills Starter Guide β€” Subscribe β†’
BytesAgainBytesAgain
πŸ¦€ ClawHub

OpenClaw Security Scanner

by @jkahn-tr

Run a comprehensive local security scan on your OpenClaw installation. Checks config, network exposure, credentials, OS hardening, and agent guardrails. Scor...

Versionv1.0.0
Downloads2,583
Installs19
TERMINAL
clawhub install openclaw-security-scanner

πŸ“– About This Skill


name: security-scanner description: Run a comprehensive local security scan on your OpenClaw installation. Checks config, network exposure, credentials, OS hardening, and agent guardrails. Scores your setup and offers auto-fixes. Everything stays local β€” no data leaves your machine.

Security Scanner

Run a local security assessment on any OpenClaw installation.

Usage

The skill provides a bash script that scans your OpenClaw setup and reports findings with severity levels.

Quick scan (read-only)

bash "$(dirname "$0")/oc-security-scan.sh"

Auto-fix issues

bash "$(dirname "$0")/oc-security-scan.sh" --fix

Save a report

bash "$(dirname "$0")/oc-security-scan.sh" --report

JSON output

bash "$(dirname "$0")/oc-security-scan.sh" --json

What It Checks

  • OpenClaw Configuration β€” bind address, token strength, config permissions, exec security mode
  • Network Exposure β€” listening ports, firewall status, public interface exposure
  • Credential Hygiene β€” plaintext secrets, file permissions, .gitignore patterns
  • OS Hardening β€” disk encryption, auto-updates, OS version, root usage
  • Agent Guardrails β€” RULES.md, memory file permissions, safety constraints
  • Output

    Color-coded terminal output with severity levels:

  • πŸ”΄ CRITICAL β€” immediate action required
  • 🟑 WARNING β€” should be addressed
  • 🟒 PASS β€” looks good
  • βšͺ INFO β€” informational
  • Ends with a security score out of 100 (A-F grade).

    Security Philosophy

  • Local only β€” zero external network calls, nothing phones home
  • Read-only by default β€” only modifies files when --fix is explicitly passed
  • Owner-operated β€” designed to be run by the OpenClaw owner on their own machine
  • No dependencies β€” standard unix tools + openclaw CLI only
  • πŸ’‘ Examples

    The skill provides a bash script that scans your OpenClaw setup and reports findings with severity levels.

    Quick scan (read-only)

    bash "$(dirname "$0")/oc-security-scan.sh"
    

    Auto-fix issues

    bash "$(dirname "$0")/oc-security-scan.sh" --fix
    

    Save a report

    bash "$(dirname "$0")/oc-security-scan.sh" --report
    

    JSON output

    bash "$(dirname "$0")/oc-security-scan.sh" --json