by muhammad-waleed381

openclaw-security-audit – OpenClaw Skill

openclaw-security-audit is an OpenClaw Skills integration for AI/ML workflows. It audits OpenClaw configuration for security risks and generates a remediation report using the user's configured LLM.

1.9k stars | 4.5k forks | Security L1
Updated Feb 7, 2026 | Created Feb 7, 2026 | ai ml

Skill Snapshot

  • name: openclaw-security-audit
  • description: Audit OpenClaw configuration for security risks and generate a remediation report using the user's configured LLM. OpenClaw Skills integration.
  • owner: muhammad-waleed381
  • repository: muhammad-waleed381/openclaw-security-auditor
  • language: Markdown
  • license: MIT
  • topics:
  • security: L1
  • install: openclaw add @muhammad-waleed381/openclaw-security-auditor
  • last updated: Feb 7, 2026

Maintainer

muhammad-waleed381

Maintains openclaw-security-audit in the OpenClaw Skills directory.

File Explorer (15 files)

  • docs/
    • INSTALLATION.md (1.7 KB)
    • SECURITY-CHECKS.md (5.8 KB)
    • USAGE.md (1.9 KB)
  • examples/
    • average-setup.md (2.2 KB)
    • critical-findings.md (3.1 KB)
    • report-minimal.md (145 B)
    • report-sample.md (667 B)
    • well-secured.md (1.5 KB)
  • _meta.json (314 B)
  • CHANGELOG.md (436 B)
  • CONTRIBUTING.md (1.5 KB)
  • README.md (3.1 KB)
  • SKILL.md (3.4 KB)

SKILL.md

name: openclaw-security-audit
description: Audit OpenClaw configuration for security risks and generate a remediation report using the user's configured LLM.
metadata: openclaw: requires: bins: ["cat", "jq"] os: ["darwin", "linux", "windows"]

OpenClaw Security Audit Skill

Local-only skill that audits ~/.openclaw/openclaw.json, runs 15+ security checks, and generates a detailed report using the user's existing LLM configuration. No external APIs or keys required.

When to Use This Skill

  • The user asks for a security audit of their OpenClaw instance.
  • The user wants a remediation checklist for configuration risks.
  • The user is preparing an OpenClaw deployment and wants a hardening review.

How It Works

  1. Read config with standard tools (cat, jq).
  2. Extract security-relevant settings (NEVER actual secrets).
  3. Build a structured findings object with metadata only.
  4. Pass findings to the user's LLM via OpenClaw's normal agent flow.
  5. Generate a markdown report with severity ratings and fixes.

Inputs

  • target_config_path (optional): Path to OpenClaw config file.
    • default: ~/.openclaw/openclaw.json

Outputs

  • Markdown report including:
    • Overall risk score (0-100)
    • Findings categorized by severity (Critical/High/Medium/Low)
    • Each finding with description, why it matters, how to fix, example config
    • Prioritized remediation roadmap

Security Checks (15+)

  1. API keys hardcoded in config (vs environment variables)
  2. Weak or missing gateway authentication tokens
  3. Unsafe gateway.bind settings (0.0.0.0 without proper auth)
  4. Missing channel access controls (allowFrom not set)
  5. Unsafe tool policies (elevated tools without restrictions)
  6. Sandbox disabled when it should be enabled
  7. Missing rate limits on channels
  8. Secrets potentially exposed in logs
  9. Outdated OpenClaw version
  10. Insecure WhatsApp configuration
  11. Insecure Telegram configuration
  12. Insecure Discord configuration
  13. Missing audit logging for privileged actions
  14. Overly permissive file system access scopes
  15. Unrestricted webhook endpoints
  16. Insecure default admin credentials

Data Handling Rules

  • Strip all secrets before analysis.
  • Only report metadata such as present/missing/configured.
  • Do not log or emit actual key values.
  • Use local-only execution; no network calls.

Example Findings Object (Redacted)

{
  "config_path": "~/.openclaw/openclaw.json",
  "openclaw_version": "present",
  "gateway": {
    "bind": "0.0.0.0",
    "auth_token": "missing"
  },
  "channels": {
    "allowFrom": "missing",
    "rate_limits": "missing"
  },
  "secrets": {
    "hardcoded": "detected"
  },
  "tool_policies": {
    "elevated": "unrestricted"
  }
}

Report Format

The report must include:

  • Overall risk score (0-100)
  • Severity buckets: Critical, High, Medium, Low
  • Each finding: description, why it matters, how to fix, example config
  • Prioritized remediation roadmap

Skill Flow (Pseudo)

read_config_path = input.target_config_path || ~/.openclaw/openclaw.json
raw_config = cat(read_config_path)
json = jq parse raw_config
metadata = extract_security_metadata(json)
findings = build_findings(metadata)
report = openclaw.agent.analyze(findings, format=markdown)
return report
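
A sketch of steps 1 to 3 and the Data Handling Rules, written in Python as an added example; it is not the skill's own code. Only `gateway.bind`, `gateway.authToken`, `allowFrom` and the `${VAR}` reference form appear on this page; the per-channel layout, the secret-looking key-name pattern and the `missing_on` and `paths` fields are assumptions.

```python
import json
import re

ENV_REF = re.compile(r"^\$\{[A-Za-z_][A-Za-z0-9_]*\}$")  # e.g. ${OPENCLAW_GATEWAY_TOKEN}
SECRET_KEY = re.compile(r"(key|token|secret|password)$", re.I)  # assumed naming heuristic

def secret_state(value):
    """Reduce a secret to a label; the value itself is never returned."""
    if not isinstance(value, str) or not value:
        return "missing"
    return "env_reference" if ENV_REF.match(value) else "hardcoded"

def hardcoded_paths(node, path=""):
    """Return dotted paths (never values) of literal secrets found in the config."""
    if isinstance(node, list):
        node = dict(enumerate(node))
    hits = []
    for k, v in node.items():
        p = f"{path}.{k}" if path else str(k)
        if isinstance(v, (dict, list)):
            hits += hardcoded_paths(v, p)
        elif SECRET_KEY.search(str(k)) and secret_state(v) == "hardcoded":
            hits.append(p)
    return hits

def extract_security_metadata(cfg, config_path="~/.openclaw/openclaw.json"):
    """Build the redacted findings object: states and paths only."""
    gw, channels = cfg.get("gateway", {}), cfg.get("channels", {})
    auth = secret_state(gw.get("authToken"))
    open_channels = sorted(n for n, c in channels.items() if not c.get("allowFrom"))
    leaks = hardcoded_paths(cfg)
    return {
        "config_path": config_path,
        "gateway": {"bind": gw.get("bind", "missing"), "auth_token": auth},
        "channels": {"allowFrom": "missing" if open_channels else "configured",
                     "missing_on": open_channels},
        "secrets": {"hardcoded": "detected" if leaks else "none", "paths": leaks},
    }

# Constructed sample config (assumed layout); every secret value below is fake.
SAMPLE = json.loads("""{
  "gateway": {"bind": "0.0.0.0", "authToken": "${OPENCLAW_GATEWAY_TOKEN}"},
  "channels": {"telegram": {"botToken": "FAKE-TELEGRAM-TOKEN-000"},
               "discord": {"allowFrom": ["1234"], "token": "${DISCORD_TOKEN}"}},
  "models": {"apiKey": "sk-FAKE-CONSTRUCTED-VALUE"}
}""")

if __name__ == "__main__":
    print(json.dumps(extract_security_metadata(SAMPLE), indent=2))
```

Only the returned object should reach the agent in step 4. When the configured model is a hosted one, this object is what leaves the machine, which is why it carries key paths and states but no values.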

Notes

  • Uses the user's existing OpenClaw LLM configuration (Opus, GPT, Gemini, and local models).
  • No external APIs or special model access are required.

README.md

OpenClaw Security Auditor

Comprehensive security auditing for your OpenClaw instance

Features

  • 🔍 15+ automated security checks
  • 🤖 AI-powered analysis using YOUR existing LLM
  • 📊 Risk scoring and prioritization
  • 🛠️ Step-by-step fix instructions
  • 🔒 Privacy-focused (secrets never exposed)
  • ⚡ Zero configuration required

Quick Start

clawhub install openclaw-security-auditor

Then ask your OpenClaw bot: "Run security audit"

What It Checks

  • API keys hardcoded in config vs environment variables
  • Weak or missing gateway authentication tokens
  • Unsafe gateway.bind settings (0.0.0.0 without proper auth)
  • Missing channel access controls (allowFrom not set)
  • Unsafe tool policies (elevated tools without restrictions)
  • Sandbox disabled when it should be enabled
  • Missing rate limits on channels
  • Secrets potentially exposed in logs
  • Outdated OpenClaw version
  • Insecure WhatsApp configuration
  • Insecure Telegram configuration
  • Insecure Discord configuration
  • Missing audit logging for privileged actions
  • Overly permissive file system access scopes
  • Unrestricted webhook endpoints
  • Insecure default admin credentials

Example Output

# OpenClaw Security Audit Report

Overall Risk Score: 74/100

## Critical
- Missing gateway authentication token
  - Why it matters: Unauthenticated access enables full remote control.
  - How to fix: Set `gateway.authToken` and rotate any exposed tokens.
  - Example:
    gateway:
      authToken: ${OPENCLAW_GATEWAY_TOKEN}

## High
- `gateway.bind` set to 0.0.0.0 with weak auth
  - Why it matters: Public exposure without strong auth increases attack surface.
  - How to fix: Bind to localhost or enforce strong auth + allowlist.

## Remediation Roadmap

1. Enable gateway authentication and rotate tokens.
2. Restrict gateway bind address or add allowlist controls.
3. Add channel rate limits and access controls.

How It Works

This skill runs entirely on YOUR OpenClaw instance using YOUR configured LLM. No external services, no additional API keys needed.

Installation

  1. Install from ClawHub:

    clawhub install openclaw-security-auditor
    
  2. Ensure your OpenClaw instance is configured with any LLM you already use.

  3. Restart OpenClaw if needed so the skill loads.

Usage

  • Run a full audit:
    • "Run security audit"
  • Validate after a config change:
    • "Re-run the OpenClaw security audit"
  • Ask for a focused remediation plan:
    • "Summarize the top 3 fixes from the audit"

Privacy

We never see your actual API keys or secrets. The skill only analyzes configuration metadata and strips all secret values before analysis.

Contributing

Contributions welcome! See CONTRIBUTING.md.

License

MIT License - see LICENSE file.

Author

Muhammad Waleed

Permissions & Security

Security level L1: Low-risk skills with minimal permissions. Review inputs and outputs before running in production.

Requirements

  • OpenClaw CLI installed and configured.
  • Language: Markdown
  • License: MIT
  • Topics:

FAQ

How do I install openclaw-security-audit?

Run openclaw add @muhammad-waleed381/openclaw-security-auditor in your terminal. This installs openclaw-security-audit into your OpenClaw Skills catalog.

Does this skill run locally or in the cloud?

OpenClaw Skills execute locally by default. Review the SKILL.md and permissions before running any skill.

Where can I verify the source code?

The source repository is available at https://github.com/openclaw/skills/tree/main/skills/muhammad-waleed381/openclaw-security-auditor. Review commits and README documentation before installing.