> ⚠️ Contenu généré par IA — validation humaine requise avant utilisation.
Audits the runtime environment of OpenClaw deployments: Node.js version compliance,
secrets handling, HTTP security headers, command allowlists, proxy configuration,
disk budget, and direct message policies.
| Tool | Description | Severity |
|---|---|---|
| ------ | ------------- | ---------- |
openclaw_node_version_check | Verify Node.js runtime version | CRITICAL |
openclaw_secrets_workflow_check | Audit secrets handling in workflows | CRITICAL |
openclaw_http_headers_check | Check HTTP security headers (HSTS, CSP) | HIGH |
openclaw_nodes_commands_check | Validate nodes.allowCommands config | HIGH |
openclaw_trusted_proxy_check | Verify trusted proxy configuration | HIGH |
openclaw_session_disk_budget_check | Check session disk budget limits | MEDIUM |
openclaw_dm_allowlist_check | Audit DM channel allowlist policy | MEDIUM |
skills:
- firm-runtime-audit-pack
# Run full runtime audit:
openclaw_node_version_check config_path=/path/to/config.json
openclaw_secrets_workflow_check config_path=/path/to/config.json
openclaw_http_headers_check config_path=/path/to/config.json
mcp-openclaw-extensions >= 3.0.0共 1 个版本