security-audit

Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "security-audit" with this command: npx skills add aaaaqwq/claude-code-skills/aaaaqwq-claude-code-skills-security-audit

Security Audit Skill

When to use

Run a security audit to identify vulnerabilities in your Clawdbot setup before deployment or on a schedule. Use auto-fix to remediate common issues automatically.

Setup

No external dependencies required. Uses native system tools where available.

How to

Quick audit (common issues)

node skills/security-audit/scripts/audit.cjs

Full audit (comprehensive scan)

node skills/security-audit/scripts/audit.cjs --full

Auto-fix common issues

node skills/security-audit/scripts/audit.cjs --fix

Audit specific areas

node skills/security-audit/scripts/audit.cjs --credentials      # Check for exposed API keys
node skills/security-audit/scripts/audit.cjs --ports            # Scan for open ports
node skills/security-audit/scripts/audit.cjs --configs          # Validate configuration
node skills/security-audit/scripts/audit.cjs --permissions      # Check file permissions
node skills/security-audit/scripts/audit.cjs --docker           # Docker security checks

Generate report

node skills/security-audit/scripts/audit.cjs --full --json > audit-report.json

Output

The audit produces a report with:

LevelDescription
🔴 CRITICALImmediate action required (exposed credentials)
🟠 HIGHSignificant risk, fix soon
🟡 MEDIUMModerate concern
🟢 INFOFYI, no action needed

Checks Performed

Credentials

  • API keys in environment files
  • Tokens in command history
  • Hardcoded secrets in code
  • Weak password patterns

Ports

  • Unexpected open ports
  • Services exposed to internet
  • Missing firewall rules

Configs

  • Missing rate limiting
  • Disabled authentication
  • Default credentials
  • Open CORS policies

Files

  • World-readable files
  • Executable by anyone
  • Sensitive files in public dirs

Docker

  • Privileged containers
  • Missing resource limits
  • Root user in container

Auto-Fix

The --fix option automatically:

  • Sets restrictive file permissions (600 on .env)
  • Secures sensitive configuration files
  • Creates .gitignore if missing
  • Enables basic security headers

Related skills

  • security-monitor - Real-time monitoring (available separately)

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

security-monitor

No summary provided by upstream source.

Repository SourceNeeds Review
-28
aaaaqwq
Security

performing-security-code-review

No summary provided by upstream source.

Repository SourceNeeds Review
-17
aaaaqwq
Security

vibe-code-auditor

No summary provided by upstream source.

Repository SourceNeeds Review
-12
aaaaqwq