Comprehensive security auditing for OpenClaw deployments. This skill performs automated security checks and generates reports.
> ⚠️ Security Notice: This skill requires elevated system access for legitimate security auditing purposes. See SECURITY.md for detailed security declarations and data handling policies.
Run the security audit script:
python3 scripts/openclaw_security_audit.py
This generates:
/tmp/openclaw-security-reports/report-{DATE}.txt| Check | Description |
|---|---|
| ------- | ------------- |
| Environment Isolation | Detects Docker/container/VM environments |
| Privilege Check | Verifies OpenClaw isn't running as root |
| Port Exposure | Checks if Gateway port 18789 is exposed |
| Skill Trust | Lists installed skills and their sources |
| Version Check | Compares current vs latest OpenClaw version |
| Process & Network | Captures listening ports and top processes |
| Sensitive Directories | Counts file changes in /etc, ~/.ssh, etc. |
| System Cron | Lists system timers and cron jobs |
| OpenClaw Cron | Retrieves internal OpenClaw scheduled tasks |
| SSH Audit | Recent logins and failed SSH attempts |
| File Integrity | SHA256 hash and permission checks |
| Yellow Line Audit | Compares sudo logs with memory records |
| Disk Usage | Root partition usage and large files |
| Environment Variables | Scans Gateway process for sensitive vars |
| DLP Scan | Detects plaintext private keys/mnemonics (read-only) |
| Skill/MCP Integrity | Tracks file hash changes over time |
| Disaster Recovery | Auto-commits OpenClaw state to Git (opt-in) |
See SECURITY.md for detailed explanations of:
This skill requires system access for:
ss, top, systemctl, etc.)OpenClaw Daily Security Brief (2026-03-11)
[OK] Environment Isolation: Running in isolated environment
[OK] Privilege Check: Complies with least privilege principle
[WARNING] Port Exposure: Port 18789 listening on all interfaces, recommend binding to 127.0.0.1
...
Warning Items:
[WARNING] Port Exposure: Port 18789 listening on all interfaces, recommend binding to 127.0.0.1
Full report saved to /tmp/openclaw-security-reports/report-{DATE}.txt
To enable external operations, set the following environment variables:
export SECURITY_AUDIT_ENABLE_GIT=1
Enables automatic Git commit and push of OpenClaw state to your configured remote.
export SECURITY_AUDIT_ENABLE_TELEGRAM=1
export TELEGRAM_BOT_TOKEN="your-bot-token"
export TELEGRAM_CHAT_ID="your-chat-id"
Sends audit summary to Telegram after each run.
To run daily via OpenClaw cron:
openclaw cron add --name "daily-security-audit" --schedule "0 9 * * *" --command "python3 ~/.openclaw/workspace/skills/openclaw-security/scripts/openclaw_security_audit.py"
| Version | Date | Changes |
|---|---|---|
| --------- | ------ | --------- |
| 1.0.2 | 2026-03-16 | Made Git backup and Telegram opt-in features (disabled by default) |
| 1.0.1 | 2026-03-16 | Added SECURITY.md, enhanced documentation |
| 1.0.0 | 2026-03-13 | Initial release |
共 1 个版本