security-scanner

Run a comprehensive local security scan on your OpenClaw installation. Checks config, network exposure, credentials, OS hardening, and agent guardrails. Scores your setup and offers auto-fixes. Everything stays local — no data leaves your machine.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "security-scanner" with this command: npx skills add jkahn-tr/openclaw-security-scanner

Security Scanner

Run a local security assessment on any OpenClaw installation.

Usage

The skill provides a bash script that scans your OpenClaw setup and reports findings with severity levels.

Quick scan (read-only)

bash "$(dirname "$0")/oc-security-scan.sh"

Auto-fix issues

bash "$(dirname "$0")/oc-security-scan.sh" --fix

Save a report

bash "$(dirname "$0")/oc-security-scan.sh" --report

JSON output

bash "$(dirname "$0")/oc-security-scan.sh" --json

What It Checks

  • OpenClaw Configuration — bind address, token strength, config permissions, exec security mode
  • Network Exposure — listening ports, firewall status, public interface exposure
  • Credential Hygiene — plaintext secrets, file permissions, .gitignore patterns
  • OS Hardening — disk encryption, auto-updates, OS version, root usage
  • Agent Guardrails — RULES.md, memory file permissions, safety constraints

Output

Color-coded terminal output with severity levels:

  • 🔴 CRITICAL — immediate action required
  • 🟡 WARNING — should be addressed
  • 🟢 PASS — looks good
  • ⚪ INFO — informational

Ends with a security score out of 100 (A-F grade).

Security Philosophy

  • Local only — zero external network calls, nothing phones home
  • Read-only by default — only modifies files when --fix is explicitly passed
  • Owner-operated — designed to be run by the OpenClaw owner on their own machine
  • No dependencies — standard unix tools + openclaw CLI only

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

Code Review Inspector

Automated code review checking for bugs, security issues, best practices, performance problems, and code style

Registry SourceRecently Updated
330michaelatamuk
Security

agent-bom runtime

AI runtime security monitoring — context graph analysis, runtime audit log correlation with CVE findings, and vulnerability analytics queries. Use when the u...

Registry SourceRecently Updated
7870msaad00
Security

agent-bom scan

Open security scanner for agentic infrastructure — agents, MCP, packages, blast radius, runtime, and trust for package CVEs (OSV, NVD, EPSS, KEV), container...

Registry SourceRecently Updated
7740msaad00
Security

agent-bom vulnerability intel

Use agent-bom to check package, SBOM, inventory, and agent dependency exposure against OSV, GitHub Security Advisories, NVD, EPSS, and CISA KEV with explicit...

Registry SourceRecently Updated
300msaad00