OpenClaw Self Guard - Security Vulnerability Monitor

Monitors OpenClaw for known security vulnerabilities by checking multiple threat intelligence sources.

Features

• Version Detection: Automatically detects local OpenClaw version
• CVE Monitoring: Checks NVD, GitHub Security Advisories for OpenClaw-related CVEs
• Smart Alerting: Outputs vulnerability details + remediation if found
• Silent Mode: Runs silently if no vulnerabilities found
• Auto Cron: Installs daily cron job (06:00 Beijing time) during skill setup

Data Sources

Usage

Run Manual Check

/openclaw 安全检查
/openclaw-self-guard check

View Current Version

/openclaw-self-guard version

Cron Job

Installed automatically during skill setup:

• Schedule: Daily at 06:00 (Beijing time)
• Behavior: Checks for vulnerabilities, reports if found
• Delivery: Console output only (no external channel by default)

To customize delivery channel, edit ~/.openclaw/cron/jobs.json after installation:

"delivery": {
    "mode": "announce",
    "channel": "feishu"  // or "telegram", etc.
}

Output Format

When vulnerabilities found:

# 🔒 OpenClaw 安全漏洞报告
**检查时间**: 2026-03-31
**本地版本**: x.x.x
**检测到漏洞**: X 个

## 漏洞详情
| CVE ID | 严重性 | 描述 | 受影响版本 | 补救方案 |

When no vulnerabilities:

✅ OpenClaw v{x.x.x} - 未检测到安全漏洞

Skill Structure

openclaw-self-guard/
├── SKILL.md
├── scripts/
│   ├── check_vulns.py       # Main vulnerability check
│   ├── fetch_nvd.py        # Fetch CVE from NVD
│   ├── fetch_github.py      # Fetch from GitHub
│   ├── get_version.py      # Get local version
│   └── setup_cron.sh       # Cron auto-installation
└── references/
    └── requirements.txt

Notes

• Requires Python packages: requests, beautifulsoup4, lxml
• Cron job auto-installs during skill setup
• No external channel by default - user configurable