security-audit-enhanced

Enhanced security audit framework with automated scanning, cross-platform support, security scoring, and baseline comparison. Audits AI agent configurations, credentials, network exposure, and system hardening.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.


Install skill "security-audit-enhanced" with this command: npx skills add wisdomsword/security-audit-enhanced

Security Audit Enhanced

Advanced security audit framework for AI agents and system configurations. Combines knowledge-based guidance with automated scanning scripts.

Key Improvements Over Original

Feature      | Original          | Enhanced
Automation   | Knowledge only    | Scripts + Knowledge
JSON Parsing | grep (unreliable) | jq (proper)
Platform     | Linux only        | macOS + Linux
Scoring      | None              | 0-100 scale
Baseline     | None              | Track changes
Reports      | Text only         | JSON/HTML/Markdown

Quick Start

Run Full Audit

python3 ~/.security-audit/scripts/audit.py --full

Quick Check (Critical Only)

python3 ~/.security-audit/scripts/audit.py --critical

Generate JSON Report

python3 ~/.security-audit/scripts/audit.py --json --output report.json

Compare with Baseline

python3 ~/.security-audit/scripts/audit.py --baseline ~/.security-audit/baseline.json

Security Scoring

The audit produces a 0-100 security score:

Score  | Rating    | Status
90-100 | Excellent | Minimal risk
70-89  | Good      | Minor issues
50-69  | Fair      | Needs attention
30-49  | Poor      | Significant risk
0-29   | Critical  | Immediate action required

The 13 Security Domains

1. Gateway Exposure 🔴 Critical

Risk: Unauthenticated network access to agent gateway.

Check:

jq '.gateway.bind, .gateway.auth_token' ~/.clawdbot/clawdbot.json 2>/dev/null

Secure baseline:

  • bind: 127.0.0.1 or lan (not 0.0.0.0)
  • auth_token: Set via env or config

Fix:

export CLAWDBOT_GATEWAY_TOKEN="$(openssl rand -hex 32)"
# Or in config. jq does not edit in place, so write to a temp file, swap it in,
# and restore the 600 mode the temp file would otherwise lose:
jq '.gateway.bind = "127.0.0.1"' ~/.clawdbot/clawdbot.json > ~/.clawdbot/clawdbot.json.tmp \
  && mv ~/.clawdbot/clawdbot.json.tmp ~/.clawdbot/clawdbot.json \
  && chmod 600 ~/.clawdbot/clawdbot.json

2. DM Policy Configuration 🟠 High

Risk: Any user can DM the bot and execute commands.

Check:

jq '.channels | to_entries[] | select(.value.dmPolicy) | {channel: .key, policy: .value.dmPolicy}' ~/.clawdbot/clawdbot.json

Secure baseline:

  • dmPolicy: allowlist or pairing (not open)

3. Group Access Control 🟠 High

Risk: Anyone in groups can trigger bot commands.

Check:

jq '.channels | to_entries[] | select(.value.groupPolicy) | {channel: .key, policy: .value.groupPolicy}' ~/.clawdbot/clawdbot.json

Secure baseline:

  • groupPolicy: allowlist with explicit group IDs

4. Credentials Security 🔴 Critical

Risk: Plaintext credentials with loose permissions.

Check:

# Check credential files exist and permissions
ls -la ~/.clawdbot/credentials/ 2>/dev/null
# Check config permissions
stat -f "%Lp" ~/.clawdbot/clawdbot.json 2>/dev/null || stat -c "%a" ~/.clawdbot/clawdbot.json 2>/dev/null

Secure baseline:

  • Directory permissions: 700
  • File permissions: 600

Fix:

chmod 700 ~/.clawdbot
chmod 600 ~/.clawdbot/clawdbot.json
chmod 600 ~/.clawdbot/credentials/*.json 2>/dev/null

5. Browser Control Exposure 🟠 High

Risk: Remote browser control without authentication.

Check:

jq '.browser.remoteControlUrl, .browser.remoteControlToken' ~/.clawdbot/clawdbot.json 2>/dev/null

Secure baseline:

  • remoteControlToken: Must be set if remote control is enabled
  • Use HTTPS for remote control URL

6. Network Binding 🟠 High

Risk: Gateway exposed to public internet.

Check:

jq '.gateway.bind, .gateway.mode, .gateway.tailscale' ~/.clawdbot/clawdbot.json 2>/dev/null

Secure baseline:

  • mode: local for development
  • bind: 127.0.0.1 (localhost only)
  • tailscale.mode: off unless intentionally used

7. Tool Access & Sandboxing 🟡 Medium

Risk: Excessive tool permissions increase blast radius.

Check:

jq '.restrict_tools, .mcp_tools, .workspaceAccess, .sandbox' ~/.clawdbot/clawdbot.json 2>/dev/null

Secure baseline:

  • restrict_tools: true
  • workspaceAccess: ro or none
  • sandbox: all for untrusted content

8. File Permissions 🟡 Medium

Risk: Other users can read sensitive configs.

Check:

# Check directory permission, then all JSON files. Probe once for BSD/macOS stat (-f)
# and fall back to GNU stat (-c); chaining find with || would not fall back, because
# find exits 0 even when every -exec'd stat fails.
if stat -f "%Lp" ~/.clawdbot >/dev/null 2>&1; then
  stat -f "%Lp" ~/.clawdbot
  find ~/.clawdbot -name "*.json" -exec stat -f "%Lp %N" {} \;
else
  stat -c "%a" ~/.clawdbot
  find ~/.clawdbot -name "*.json" -exec stat -c "%a %n" {} \;
fi

Secure baseline:

  • ~/.clawdbot/: 700
  • All .json files: 600

9. Plugin Trust 🟡 Medium

Risk: Untrusted plugins can execute arbitrary code.

Check:

jq '.plugins' ~/.clawdbot/clawdbot.json 2>/dev/null

Secure baseline:

  • Use explicit allowlist for plugins

10. Logging & Redaction 🟡 Medium

Risk: Sensitive data leaks in logs.

Check:

jq '.logging.redactSensitive' ~/.clawdbot/clawdbot.json 2>/dev/null

Secure baseline:

  • redactSensitive: tools or all

11. Prompt Injection Protection 🟡 Medium

Risk: Untrusted content injects malicious prompts.

Check:

jq '.wrap_untrusted_content, .untrusted_content_wrapper, .mentionGate' ~/.clawdbot/clawdbot.json 2>/dev/null

Secure baseline:

  • wrap_untrusted_content: true
  • mentionGate: true

12. Dangerous Command Blocking 🟡 Medium

Risk: Destructive commands can be executed.

Check:

jq '.blocked_commands' ~/.clawdbot/clawdbot.json 2>/dev/null

Secure baseline: blocked_commands includes patterns such as:

{
  "blocked_commands": [
    "rm -rf",
    "rm -rf /",
    "dd if=",
    "mkfs",
    ":(){ :|:& };:",
    "curl | bash",
    "wget | bash",
    "git push --force",
    "chmod 777",
    "> /dev/sda"
  ]
}

13. Secret Scanning 🟡 Medium

Risk: Committed secrets in codebase.

Check:

which detect-secrets 2>/dev/null && detect-secrets --version
ls -la .secrets.baseline 2>/dev/null

Secure baseline:

  • detect-secrets installed
  • .secrets.baseline exists and is current

Automated Scripts

audit.py

Main audit script with scoring and reporting.

# Full audit with all checks
python3 scripts/audit.py --full

# Quick critical checks only
python3 scripts/audit.py --critical

# JSON output for CI/CD
python3 scripts/audit.py --json

# Compare with previous baseline
python3 scripts/audit.py --baseline baseline.json --diff

# Apply auto-fixes (safe only)
python3 scripts/audit.py --fix

check_permissions.py

Standalone permission checker.

python3 scripts/check_permissions.py --path ~/.clawdbot --fix

generate_report.py

Generate formatted reports.

# HTML report
python3 scripts/generate_report.py --format html --output report.html

# Markdown report
python3 scripts/generate_report.py --format markdown --output SECURITY.md

CI/CD Integration

GitHub Actions

name: Security Audit
on: [push, pull_request]
jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Security Audit
        run: |
          pip install jq
          python3 scripts/audit.py --json --output audit-report.json
      - name: Upload Report
        uses: actions/upload-artifact@v4
        with:
          name: security-audit
          path: audit-report.json

Pre-commit Hook

#!/bin/bash
# .git/hooks/pre-commit
python3 scripts/audit.py --critical || {
  echo "Security audit failed. Fix issues before committing."
  exit 1
}

Baseline Management

Create Baseline

python3 scripts/audit.py --save-baseline baseline.json

Compare with Baseline

python3 scripts/audit.py --baseline baseline.json

Update Baseline After Fixes

python3 scripts/audit.py --save-baseline baseline.json --force
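Baseline comparison as an added example, not the skill's own audit.py: two constructed reports in the JSON Output shape are diffed by (domain, finding), and a regression is flagged when any new finding appears even if the score went up. The report layout and the regression rule are assumptions.

```python
# Constructed sample reports in the JSON Output shape (timestamps omitted).
BASELINE_REPORT = {
    "score": 70,
    "findings": [
        {"domain": "dm-policy", "severity": "high", "finding": "DM policy is 'open'",
         "recommendation": "Set dmPolicy to 'allowlist'"},
        {"domain": "file-permissions", "severity": "medium",
         "finding": "clawdbot.json is 644", "recommendation": "chmod 600"},
    ],
}
CURRENT_REPORT = {
    "score": 80,
    "findings": [
        {"domain": "file-permissions", "severity": "medium",
         "finding": "clawdbot.json is 644", "recommendation": "chmod 600"},
        {"domain": "plugins", "severity": "medium",
         "finding": "No plugin allowlist configured", "recommendation": "Add an explicit allowlist"},
    ],
}


def finding_key(f: dict) -> tuple:
    """Two findings are the same issue when domain and finding text match."""
    return (f["domain"], f["finding"])


def compare_baseline(baseline: dict, current: dict) -> dict:
    """Classify current findings as new, resolved or unchanged relative to the baseline."""
    base = {finding_key(f): f for f in baseline["findings"]}
    cur = {finding_key(f): f for f in current["findings"]}
    new = sorted(cur.keys() - base.keys())
    resolved = sorted(base.keys() - cur.keys())
    return {
        "score_delta": current["score"] - baseline["score"],
        "new": [cur[k] for k in new],
        "resolved": [base[k] for k in resolved],
        "unchanged": [cur[k] for k in sorted(cur.keys() & base.keys())],
        # Assumed gate rule: any new finding or a lower score counts as a regression,
        # so a score that improved overall still fails if a fresh issue appeared.
        "regressed": bool(new) or current["score"] < baseline["score"],
    }


def exit_code(diff: dict) -> int:
    """Non-zero on regression, so a pre-commit hook or CI job can block on it."""
    return 1 if diff["regressed"] else 0
```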

Report Formats

JSON Output

{
  "timestamp": "2026-02-21T14:00:00Z",
  "score": 85,
  "rating": "Good",
  "summary": {
    "critical": 0,
    "high": 1,
    "medium": 2,
    "passed": 10
  },
  "findings": [
    {
      "domain": "dm-policy",
      "severity": "high",
      "finding": "DM policy is 'open'",
      "recommendation": "Set dmPolicy to 'allowlist'"
    }
  ]
}

HTML Report

Generates styled HTML with:

  • Score gauge visualization
  • Severity breakdown chart
  • Detailed findings table
  • Remediation steps

Extending the Framework

Add new checks by:

  1. Create a new domain in audit.py:

     def check_new_domain(config):
         issues = []
         # Your check logic
         if vulnerable:
             issues.append({
                 'domain': 'new-domain',
                 'severity': 'medium',
                 'finding': 'Description',
                 'recommendation': 'How to fix'
             })
         return issues

  2. Add the domain to the checklist in SKILL.md

  3. Run tests to validate
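An added example, not the skill's own audit.py, showing two of the domains above (Gateway Exposure and DM Policy) written against the check_new_domain template, plus a scorer that maps to the rating table. The check logic follows the documented secure baselines; the per-severity deductions are assumed, since the page gives the 0-100 scale but not its formula, and the config is constructed.

```python
# Rating bands from the scoring table above as (lower bound, rating).
RATINGS = [(90, "Excellent"), (70, "Good"), (50, "Fair"), (30, "Poor"), (0, "Critical")]
# Points deducted per finding: assumed weights, the page states the scale but not its formula.
DEDUCTIONS = {"critical": 30, "high": 15, "medium": 5}

def check_gateway_exposure(config: dict) -> list:
    """Domain 1: bind must be 127.0.0.1 or lan, and an auth token must be set."""
    gw = config.get("gateway", {})
    issues = []
    bind = gw.get("bind")
    if bind is not None and bind not in ("127.0.0.1", "lan"):
        issues.append({"domain": "gateway", "severity": "critical",
                       "finding": f"Gateway bound to {bind}",
                       "recommendation": "Set gateway.bind to 127.0.0.1 or lan"})
    if not gw.get("auth_token"):
        issues.append({"domain": "gateway", "severity": "critical",
                       "finding": "Gateway auth_token is not set",
                       "recommendation": "Set CLAWDBOT_GATEWAY_TOKEN or gateway.auth_token"})
    return issues

def check_dm_policy(config: dict) -> list:
    """Domain 2: every channel that sets dmPolicy must use allowlist or pairing."""
    issues = []
    for name, chan in config.get("channels", {}).items():
        policy = chan.get("dmPolicy")
        if policy is not None and policy not in ("allowlist", "pairing"):
            issues.append({"domain": "dm-policy", "severity": "high",
                           "finding": f"DM policy for {name} is '{policy}'",
                           "recommendation": "Set dmPolicy to 'allowlist'"})
    return issues

def score(findings: list) -> tuple:
    """Deduct per severity, floor at 0, and map the total to the rating table."""
    total = max(0, 100 - sum(DEDUCTIONS.get(f["severity"], 0) for f in findings))
    rating = next(name for floor, name in RATINGS if total >= floor)
    return total, rating

def audit(config: dict) -> dict:
    """Run both checks and return a report in the JSON Output shape."""
    findings = check_gateway_exposure(config) + check_dm_policy(config)
    total, rating = score(findings)
    return {"score": total, "rating": rating, "findings": findings}

# Constructed sample config: exposed gateway without a token, one open DM channel.
SAMPLE_CONFIG = {
    "gateway": {"bind": "0.0.0.0", "auth_token": ""},
    "channels": {"discord": {"dmPolicy": "open"}, "slack": {"dmPolicy": "allowlist"}},
}
```

With SAMPLE_CONFIG the two critical gateway findings and the open discord channel leave a score of 25, rated Critical.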

Remember: Security is not a one-time check. Run audits regularly, track baselines, and respond to changes promptly.
