clawscan

Security scanner and hardening tool for OpenClaw deployments. Use when: user asks for security scan, audit, hardening, vulnerability check, or posture assessment of their OpenClaw setup. Runs 25+ checks across config security, file exposure, skill security, network security, and OpenClaw-specific hardening. Outputs A-F grade with actionable recommendations. Pure bash, zero dependencies.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "clawscan" with this command: npx skills add osmankidwai-bot/clawscan/osmankidwai-bot-clawscan-clawscan

ClawScan Security

Quick Start

Run a full scan:

bash "$(dirname "$0")/scripts/scan.sh"

Usage

# Basic scan (shows failures only)
scripts/scan.sh

# Verbose (show all checks)
scripts/scan.sh --verbose

# JSON output
scripts/scan.sh --json

# Custom OpenClaw path
scripts/scan.sh --path /custom/openclaw/dir

# Formatted report
scripts/scan.sh --json | scripts/report.sh

What It Checks

Config Security (40 pts)

  • Config file exists and is valid JSON
  • No hardcoded API keys/tokens
  • Gateway auth configured
  • Gateway bind address secure
  • HTTPS/TLS for remote access
  • Model allowlist configured
  • Exec security policy

File Exposure (25 pts)

  • No passwords in MEMORY.md
  • No .env files with secrets
  • No private keys in workspace
  • Workspace permissions secure

Skill Security (20 pts)

  • Skills from known sources
  • No exec override to 'full'
  • No unjustified elevated permissions
  • Skills directory permissions

Network Security (15 pts)

  • Gateway not publicly exposed without auth
  • Webhooks use HTTPS
  • Browser cookies secured

OpenClaw-Specific (35 pts) — NEW

  • Gateway auth token strength
  • Config file not world-readable
  • Model allowlist not wildcard
  • Cron job security (elevated flags, dangerous commands)
  • Memory files not world-readable
  • OpenClaw version current
  • Session/workspace isolation

Tiers

  • Free: All checks above. A-F grading. Text + JSON output.
  • Pro ($19/mo): Advanced OS checks, trend tracking, severity scoring. Coming soon.
  • Managed ($49/mo): Continuous monitoring, auto-remediation, alerting. Coming soon.

Check Documentation

  • OS checks: references/checks-os.md
  • OpenClaw checks: references/checks-openclaw.md

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

summarize-article

No summary provided by upstream source.

Repository SourceNeeds Review
8-nickoc
General

super-helper-tool

No summary provided by upstream source.

Repository SourceNeeds Review
2-nickoc
Security

Ring Security

Monitor and manage Ring doorbells and security cameras. Query device status, review motion events, manage modes, and export event history. Use when you need...

Registry SourceRecently Updated
1730bytesagain1
Security

Retirement Planner

退休规划工具。退休金计算、投资策略、社保养老金、投资组合、提取策略、缺口分析。Retirement planner with pension calculation, investment strategy, social security, portfolio, withdrawal strategy, gap...

Registry SourceRecently Updated
1690bytesagain