clawdbot-security-check

Low
by TheSethRose | Audited: 2026-02-26T09:59:20.936Z | Ruleset: 0.2.0

Quick Install

Add this skill to your agent

clawhub install clawdbot-security-check

About This Skill

Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when…

Task automation
Data processing
API integration
Error handling

Use Cases

1 Workflow automation
2 Data transformation
3 System integration

Documentation (Original)

Source: README.md
The following is the author's original documentation (often English). For installation, follow “Quick Install” above.

Clawdbot Security Check

🔒 Self-security audit framework for Clawdbot

Inspired by the security hardening framework from ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ and integrated with official ClawdBot security documentation.

This skill teaches Clawdbot to audit its own security posture using first-principles reasoning. Not a hard-coded script—it's a knowledge framework that Clawdbot applies dynamically to detect vulnerabilities, understand their impact, and recommend specific remediations.

What This Is

  • 🧠 Knowledge-based - Embeds the security framework directly in Clawdbot
  • 🔍 Dynamic detection - Clawdbot learns to find issues, not just run a script
  • 📚 Extensible - Add new checks by updating the skill
  • 🔒 100% Read-only - Only audits; never modifies configuration

The 12 Security Domains

| # | Domain | Severity | Key Question |
|---|--------|----------|--------------|
| 1 | Gateway Exposure | 🔴 Critical | Is the gateway bound to 0.0.0.0 without auth? |
| 2 | DM Policy | 🟠 High | Are DMs restricted to an allowlist? |
| 3 | Group Access Control | 🟠 High | Are group policies set to allowlist? |
| 4 | Credentials Security | 🔴 Critical | Are secrets in plaintext with loose permissions? |
| 5 | Browser Control Exposure | 🟠 High | Is remote browser control secured? |
| 6 | Gateway Bind & Network | 🟠 High | Is network exposure intentional and controlled? |
| 7 | Tool Access & Elevated | 🟡 Medium | Are tools restricted to minimum needed? |
| 8 | File Permissions & Disk | 🟡 Medium | Are file permissions properly set? |
| 9 | Plugin Trust & Model | 🟡 Medium | Are plugins allowlisted and models current? |
| 10 | Logging & Redaction | 🟡 Medium | Is sensitive data redacted in logs? |
| 11 | Prompt Injection | 🟡 Medium | Is untrusted content wrapped? |
| 12 | Dangerous Commands | 🟡 Medium | Are destructive commands blocked? |

Installation

# Via ClawdHub
clawdhub install clawdbot-security-check

# Or clone for manual installation
git clone https://github.com/TheSethRose/Clawdbot-Security-Check.git
cp -r Clawdbot-Security-Check ~/.clawdbot/skills/

Usage

Via Clawdbot

@clawdbot audit my security
@clawdbot run security check
@clawdbot what vulnerabilities do I have?
@clawdbot security audit --deep
@clawdbot security audit --fix

Security Principles

Running an AI agent with shell access requires caution. Focus on:

  1. Who can talk to the bot — DM policies, group allowlists, channel restrictions
  2. Where the bot is allowed to act — Network exposure, gateway binding, proxy configs
  3. What the bot can touch — Tool access, file permissions, credential storage

Audit Functions

The --fix flag applies these guardrails:

  • Changes groupPolicy from open to allowlist for common channels
  • Resets logging.redactSensitive from off to tools
  • Tightens permissions: .clawdbot to 700, configs to 600
  • Secures state files including credentials and auth profiles
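A read-only check for the conditions the `--fix` guardrails above target, reporting them instead of changing them. This is an added example, not code from the skill or from Clawdbot; the config nesting, the channel names, and the `find_key`, `audit_config` and `audit_permissions` helpers are assumptions made for illustration.

```python
import os
import stat

# Constructed sample config; key nesting and channel names are assumptions.
SAMPLE_CONFIG = {
    "channels": {
        "discord": {"groupPolicy": "open"},
        "telegram": {"groupPolicy": "allowlist"},
    },
    "logging": {"redactSensitive": "off"},
}

def find_key(node, key, path=""):
    """Yield (dotted_path, value) for every occurrence of key in nested data."""
    if isinstance(node, dict):
        for k, v in node.items():
            here = f"{path}.{k}" if path else k
            if k == key:
                yield here, v
            yield from find_key(v, key, here)
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from find_key(v, key, f"{path}[{i}]")

def audit_config(cfg):
    """Return (path, current, recommended) for the settings --fix would change."""
    out = [(p, v, "allowlist") for p, v in find_key(cfg, "groupPolicy") if v == "open"]
    out += [(p, v, "tools") for p, v in find_key(cfg, "redactSensitive") if v == "off"]
    return out

def audit_permissions(root):
    """Return (path, current_mode, target_mode) for entries open beyond the owner.

    Uses lstat only and never calls chmod, so the audit stays read-only.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        entries = [(dirpath, "700")] + [(os.path.join(dirpath, f), "600") for f in files]
        for path, target in entries:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits say nothing about access
            mode = stat.S_IMODE(st.st_mode)
            if mode & 0o077:  # any group or other permission bit is set
                findings.append((path, format(mode, "03o"), target))
    return findings

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print("config:", finding)
    for finding in audit_permissions(os.path.expanduser("~/.clawdbot")):
        print("perms: ", finding)
```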

High-Level Checklist

Treat findings in this priority order:

  1. 🔴 Lock down DMs and groups if tools are enabled on open settings
  2. 🔴 Fix public network exposure immediately
  3. 🟠 Secure browser control with tokens and HTTPS
  4. 🟠 Correct file permissions for credentials and config
  5. 🟡 Only load trusted plugins
  6. 🟡 Use modern models for bots with tool access

Extending the Framework

Add new checks by contributing to SKILL.md:

## 13. New Vulnerability 🟡 Medium

**What to check:** What config reveals this?

**Detection:**
```bash
command-to-check-config
```

**Vulnerability:** What can go wrong?

**Remediation:**
```json
{ "fix": "here" }
```

## Architecture

```
Clawdbot-Security-Check/
├── SKILL.md # Knowledge framework (the skill - source of truth)
├── skill.json # Clawdbot metadata
├── README.md # This file
└── .gitignore
```


**SKILL.md** is the source of truth—it teaches Clawdbot everything it needs to know.

## Why This Approach?

Hard-coded scripts get stale. A knowledge framework evolves:

- ✅ Add new vulnerabilities without code changes
- ✅ Customize checks for your environment
- ✅ Clawdbot understands the "why" behind each check
- ✅ Enables intelligent follow-up questions

> "The goal isn't to find vulnerabilities—it's to understand security deeply enough that vulnerabilities can't hide." — Daniel Miessler

## Output Example

```
═══════════════════════════════════════════════════════════════
🔒 CLAWDBOT SECURITY AUDIT
═══════════════════════════════════════════════════════════════
Timestamp: 2026-01-26T15:30:00.000Z

┌─ SUMMARY ───────────────────────────────────────────────
│ 🔴 Critical: 1
│ 🟠 High: 2
│ 🟡 Medium: 1
│ ✅ Passed: 8
└────────────────────────────────────────────────────────

┌─ FINDINGS ──────────────────────────────────────────────
│ 🔴 [CRITICAL] Gateway Exposure
│ Finding: Gateway bound to 0.0.0.0:18789 without auth
│ → Fix: Set gateway.auth_token environment variable

│ 🟠 [HIGH] DM Policy
│ Finding: dm_policy is "allow" (all users)
│ → Fix: Set dm_policy to "allowlist" with trusted users
└────────────────────────────────────────────────────────

This audit was performed by Clawdbot's self-security framework.
No changes were made to your configuration.
```


## Contributing

1. Fork the repo
2. Add new security knowledge to SKILL.md
3. Submit PR

## License

MIT - Security-first, open source forever.

---

**Clawdbot knows its attack surface. Do you?**

Security Audit

Low

Summary

Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.

Risk Profile (chart axes: Toxicity, Privacy, Scope, Reputation, Quality)

ToxicSkills Analysis

Blocklist: Not matched
Prompt Injection: Not detected

No Toxic signals detected by current static checks.

Key Risks 0 items

No LLM risk bullets (LLM disabled or not cached).

Deterministic Findings (Evidence)

| Rule | Severity | File | Snippet |
|------|----------|------|---------|
| QUALITY_README_PRESENT | low | README (Line n/a) | README detected |

Scoring Criteria

Each skill is scored across 5 dimensions. The weighted total determines the star rating.

Code Toxicity 100/100 (weight 30%)
Privacy Risk 100/100 (weight 25%)
Permission Scope 100/100 (weight 20%)
Author Reputation 75/100 (weight 15%)
Code Quality 78/100 (weight 10%)

Star Rating Scale

5★ Safe — Score ≥ 80
4★ Good — Score 70–79
3★ Caution — Score 60–69
2★ Risky — Score 40–59
1★ Dangerous — Score < 40

Why This Score?

All dimensions scored above 60. This skill passed the safety baseline.

VettedSkillsHub

We curate the top 100 most downloaded skills from ClawHub — the official ClawdBot (OpenClaw) marketplace — then run independent 5-dimension security audits. Transparent evidence, reproducible scores, 1-click install.

About

Best-effort static analysis. Scores are reproducible and evidence-based. Always review code and run in isolated environments for sensitive use.