SkillHub

openclaw-security-scanner

v1.0.0

Run a comprehensive local security scan on your OpenClaw installation. Checks config, network exposure, credentials, OS hardening, and agent guardrails. Scores your setup and offers auto-fixes. Everything stays local — no data leaves your machine.

Sourced from ClawHub, Authored by Jkahn-tr

Installation

Please help me install the skill `openclaw-security-scanner` from SkillHub official store. npx skills add Jkahn-tr/openclaw-security-scanner

Security Scanner

Run a local security assessment on any OpenClaw installation.

Usage

The skill provides a bash script that scans your OpenClaw setup and reports findings with severity levels.

Quick scan (read-only)

bash "$(dirname "$0")/oc-security-scan.sh"

Auto-fix issues

bash "$(dirname "$0")/oc-security-scan.sh" --fix

Save a report

bash "$(dirname "$0")/oc-security-scan.sh" --report

JSON output

bash "$(dirname "$0")/oc-security-scan.sh" --json

What It Checks

  • OpenClaw Configuration — bind address, token strength, config permissions, exec security mode
  • Network Exposure — listening ports, firewall status, public interface exposure
  • Credential Hygiene — plaintext secrets, file permissions, .gitignore patterns
  • OS Hardening — disk encryption, auto-updates, OS version, root usage
  • Agent Guardrails — RULES.md, memory file permissions, safety constraints

Output

Color-coded terminal output with severity levels: - 🔴 CRITICAL — immediate action required - 🟡 WARNING — should be addressed - 🟢 PASS — looks good - ⚪ INFO — informational

Ends with a security score out of 100 (A-F grade).

Security Philosophy

  • Local only — zero external network calls, nothing phones home
  • Read-only by default — only modifies files when --fix is explicitly passed
  • Owner-operated — designed to be run by the OpenClaw owner on their own machine
  • No dependencies — standard unix tools + openclaw CLI only