OpenClaw Security Audit Skill
Local-only skill that audits ~/.openclaw/openclaw.json, runs 15+ security
checks, and generates a detailed report using the user's existing LLM
configuration. No external APIs or keys required.
When to Use This Skill
- The user asks for a security audit of their OpenClaw instance.
- The user wants a remediation checklist for configuration risks.
- The user is preparing an OpenClaw deployment and wants a hardening review.
How It Works
1. Read config with standard tools (cat, jq).
2. Extract security-relevant settings (NEVER actual secrets).
3. Build a structured findings object with metadata only.
4. Pass findings to the user's LLM via OpenClaw's normal agent flow.
5. Generate a markdown report with severity ratings and fixes.
Inputs
- targetconfigpath (optional): Path to OpenClaw config file.
  - default: ~/.openclaw/openclaw.json
Outputs
- Markdown report including:
  - Overall risk score (0-100)
  - Findings categorized by severity (Critical/High/Medium/Low)
  - Each finding with description, why it matters, how to fix, example config
  - Prioritized remediation roadmap
Security Checks (15+)
1. API keys hardcoded in config (vs environment variables)
2. Weak or missing gateway authentication tokens
3. Unsafe gateway.bind settings (0.0.0.0 without proper auth)
4. Missing channel access controls (allowFrom not set)
5. Unsafe tool policies (elevated tools without restrictions)
6. Sandbox disabled when it should be enabled
7. Missing rate limits on channels
8. Secrets potentially exposed in logs
9. Outdated OpenClaw version
10. Insecure WhatsApp configuration
11. Insecure Telegram configuration
12. Insecure Discord configuration
13. Missing audit logging for privileged actions
14. Overly permissive file system access scopes
15. Unrestricted webhook endpoints
16. Insecure default admin credentials
Data Handling Rules
- Strip all secrets before analysis.
- Only report metadata such as present/missing/configured.
- Do not log or emit actual key values.
- Use local-only execution; no network calls.
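One way to apply these rules when building the findings, as an added example that is not the skill's own code: it reports only configured/missing status and the paths of hardcoded secrets, never their values. The input key names (`auth_token`, `bot_token`, `rate_limits`), the `${VAR}` environment-reference form and all function names are assumptions, not OpenClaw's documented schema.

```python
import json
# Assumed (not OpenClaw's documented schema): input key names, "${VAR}" env refs.
SECRET_HINTS = ("token", "key", "secret", "password")

def is_env_ref(value):
    return value.startswith("${") and value.endswith("}")

def hardcoded_secret_paths(node, path=""):
    """Yield dotted paths (never values) of secret-like keys holding literals."""
    if isinstance(node, dict):
        for key, val in node.items():
            here = f"{path}.{key}" if path else key
            secretish = any(h in key.lower() for h in SECRET_HINTS)
            if isinstance(val, str):
                if val and secretish and not is_env_ref(val):
                    yield here
            else:
                yield from hardcoded_secret_paths(val, here)
    elif isinstance(node, list):
        for i, val in enumerate(node):
            yield from hardcoded_secret_paths(val, f"{path}[{i}]")

def state(value):
    return "configured" if value else "missing"

def extract_security_metadata(config):
    gateway = config.get("gateway", {})
    return {
        "gateway": {"bind": gateway.get("bind", "missing"),  # address, not a secret
                    "auth_token": state(gateway.get("auth_token"))},
        "channels": {name: {"allowFrom": state(ch.get("allowFrom")),
                            "rate_limits": state(ch.get("rate_limits"))}
                     for name, ch in config.get("channels", {}).items()},
        "secrets": {"hardcoded_at": sorted(hardcoded_secret_paths(config))},
    }

def gateway_exposed(meta):
    # The unsafe gateway.bind check: 0.0.0.0 with no gateway auth token.
    return meta["gateway"] == {"bind": "0.0.0.0", "auth_token": "missing"}

# Constructed sample config; every value is fake.
SAMPLE = json.loads("""{
  "gateway": {"bind": "0.0.0.0", "auth_token": ""},
  "channels": {"telegram": {"bot_token": "FAKE-123:abc", "allowFrom": ["@alice"]},
               "discord": {"bot_token": "${DISCORD_TOKEN}"}}
}""")

if __name__ == "__main__":
    print(json.dumps(extract_security_metadata(SAMPLE), indent=2))
```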
Report Format
The report must include:
- Overall risk score (0-100)
- Severity buckets: Critical, High, Medium, Low
- Each finding: description, why it matters, how to fix, example config
- Prioritized remediation roadmap
Notes
- Uses the user's existing OpenClaw LLM configuration (Opus, GPT, Gemini, and local models).
- No external APIs or special model access are required.
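Example Findings Object (Redacted)
Status values in this example: 存在 (present), 缺失 (missing), 检测到 (detected), 无限制 (unrestricted).
```json
{
  "config_path": "~/.openclaw/openclaw.json",
  "openclaw_version": "存在",
  "gateway": {
    "bind": "0.0.0.0",
    "auth_token": "缺失"
  },
  "channels": {
    "allowFrom": "缺失",
    "rate_limits": "缺失"
  },
  "secrets": {
    "hardcoded": "检测到"
  },
  "tool_policies": {
    "elevated": "无限制"
  }
}
```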
Skill Flow (Pseudo)
```text
read_config_path = input.targetconfigpath || "~/.openclaw/openclaw.json"
raw_config = cat(read_config_path)
json = jq parse raw_config
metadata = extractsecuritymetadata(json)
findings = build_findings(metadata)
report = openclaw.agent.analyze(findings, format="markdown")
return report
```