Comprehensive security audit for OpenClaw. Scans 7 domains (runtime, channels, agents, cron, skills, sessions, network), supports 3 expertise levels, context-aware analysis, and visual dashboard. Read-only with localized reports.
Data source: ClawHub. View on ClawSkills.
Method 1: Install from the command line (recommended)
Recommended (no need to install clawhub first):
```
npx clawhub@latest --dir ~/.claude/skills install secucheck
```
Or use the clawhub CLI (must be installed first):
```
clawhub --dir ~/.claude/skills install secucheck
```
⚠️ Requires Node.js 18+. No Node? Use Method 2 below to download the ZIP directly.
Method 2: Manual download (no Node required)
Download the ZIP, unzip it, place the folder at the following path, and restart the Agent:
Install path
```
~/.claude/skills/secucheck/
```
---
name: secucheck
description: Comprehensive security audit for OpenClaw. Scans 7 domains (runtime, channels, agents, cron, skills, sessions, network), supports 3 expertise levels, context-aware analysis, and visual dashboard. Read-only with localized reports.
tags: [security, audit, hardening, runtime, dashboard, prompt-injection]
---
Comprehensive security audit skill for OpenClaw deployments. Analyzes configuration, permissions, exposure risks, and runtime environment with context-aware recommendations.
---
secucheck performs read-only security audits of your OpenClaw setup:
Never modifies configuration automatically. All fixes require explicit user confirmation.
---
```
clawhub install secucheck
```
Ask your OpenClaw agent:
When prompted, choose your level:
All levels run the same checks—only explanation depth varies.
"show dashboard" / "visual report"
Opens an HTML report in your browser.
---
🔒 Security Audit Results
🟡 Needs Attention
| Severity | Count |
|----------|-------|
| 🔴 Critical | 0 |
| 🟠 High | 0 |
| 🟡 Medium | 2 |
| 🟢 Low | 3 |
### 🟡 Agent "molty": exec + external content processing
...
---
Everything below is for the agent executing this skill.
---
Trigger this skill when:
| Level | Identifier | Style |
|-------|------------|-------|
| Beginner | 1, beginner | Analogies, simple explanations, no jargon |
| Intermediate | 2, intermediate | Technical details, config examples |
| Expert | 3, expert | Attack vectors, edge cases, CVE references |
Present options in user's language. Example (English):
What level of technical detail do you prefer?
1. 🌱 Beginner - I'll explain simply with analogies
2. 💻 Intermediate - Technical details and config examples
3. 🔐 Expert - Include attack vectors and edge cases
📌 All levels run the same checks—only explanation depth varies.
STOP HERE. Wait for user response.
```
bash ~/.openclaw/skills/secucheck/scripts/full_audit.sh
```
Returns JSON with findings categorized by severity.
Parse JSON output and format based on user's expertise level. Final report must be in user's language.
🔒 Security Audit Results
📊 Summary Table
| Severity | Count |
|----------|-------|
| 🔴 Critical | X |
| ...
⚡ Runtime
- [findings related to RUNTIME category]
🤖 Agents
- [findings related to AGENT category]
📁 Workspace
- [findings related to WORKSPACE category]
🧩 Skills
- [findings related to SKILL category]
📢 Channels
- [findings related to CHANNEL category]
🌐 Network
- [findings related to NETWORK category]
Group findings by their category field, not just severity. Within each category, show severity icon and explain.
After text report, automatically generate and serve dashboard:
```
bash ~/.openclaw/skills/secucheck/scripts/serve_dashboard.sh
```
The script returns JSON with url (LAN IP) and local_url (localhost). Use the url field (not localhost) when telling the user — they may access from another device.
Example:
📊 Dashboard is open too: http://192.168.1.200:8766/secucheck-report.html
If running in an environment where a browser can be opened, use the browser tool to open it.
Scripts run on Linux, macOS, and WSL. Check the JSON output for platform info:
```json
{
  "os": "linux",
  "os_variant": "ubuntu",
  "in_wsl": false,
  "in_dsm": false,
  "failed_checks": ["external_ip"]
}
```
| Field | Values |
|-------|--------|
| os | linux, macos, windows, unknown |
| os_variant | ubuntu, arch, dsm, wsl, version string |
| in_wsl | true if Windows Subsystem for Linux |
| in_dsm | true if Synology DSM |
If failed_checks array is non-empty, run fallback commands based on platform:
| Platform | Command |
|----------|---------|
| Linux | ip addr show or ifconfig |
| macOS | ifconfig |
| WSL | ip addr show (or check Windows via cmd.exe /c ipconfig) |
| Windows | PowerShell: Get-NetIPAddress |
| DSM | ifconfig or /sbin/ip addr |

| Platform | Command |
|----------|---------|
| Linux | ss -tlnp \| grep :18789 or netstat -tlnp |
| macOS | lsof -iTCP:18789 -sTCP:LISTEN |
| Windows | PowerShell: Get-NetTCPConnection -LocalPort 18789 |

| Platform | Command |
|----------|---------|
| Linux/macOS | ls -la ~/.openclaw |
| Windows | PowerShell: Get-Acl $env:USERPROFILE\.openclaw |
If os is windows and the scripts fail completely:
```powershell
# Network exposure
Get-NetTCPConnection -LocalPort 18789 -State Listen
# File permissions
Get-Acl "$env:USERPROFILE\.openclaw"
# Process info
Get-Process | Where-Object {$_.Name -like "*openclaw*"}
```
Some environments lack tools. Check the output and supplement with these fallbacks:
| Missing Tool | Fallback |
|--------------|----------|
| curl | wget -qO- |
| ss | netstat |
| ip | ifconfig or /sbin/ip |
| pgrep | ps aux \| grep |
1. Run full_audit.sh
2. Check "failed_checks" in output
3. For each failed check:
a. Identify platform from os/os_variant
b. Run platform-specific fallback command
c. Incorporate results into report
4. Note any checks that couldn't complete
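The post-processing described above (parse the audit JSON, group findings by category, derive the overall verdict, and pick a platform-specific fallback for every entry in failed_checks), as an added example that is not part of the skill's own scripts. The per-finding field names (severity, category, title) and the sample audit output are constructed assumptions; the fallback commands come from the tables on this page.

```python
import json
from collections import defaultdict

# Constructed sample of full_audit.sh output. The per-finding field names
# (severity, category, title) are assumptions; the page only states that
# findings carry a severity and a category.
SAMPLE_AUDIT = json.dumps({
    "os": "linux", "os_variant": "ubuntu", "in_wsl": True, "in_dsm": False,
    "failed_checks": ["external_ip", "listening_ports", "file_perms"],
    "findings": [
        {"severity": "medium", "category": "AGENT", "title": 'Agent "molty": exec + external content'},
        {"severity": "low", "category": "NETWORK", "title": "Gateway reachable from LAN"},
        {"severity": "low", "category": "RUNTIME", "title": "Config file is group-readable"},
    ],
})

SEVERITY_ORDER = ["critical", "high", "medium", "low"]
SEVERITY_ICON = {"critical": "🔴", "high": "🟠", "medium": "🟡", "low": "🟢"}
# Fallback commands from the page's platform tables, keyed by check, then platform.
FALLBACKS = {
    "external_ip": {"linux": "ip addr show", "wsl": "ip addr show", "macos": "ifconfig",
                    "dsm": "ifconfig", "windows": "Get-NetIPAddress"},
    "listening_ports": {"linux": "ss -tlnp | grep :18789", "wsl": "ss -tlnp | grep :18789",
                        "macos": "lsof -iTCP:18789 -sTCP:LISTEN", "windows": "Get-NetTCPConnection -LocalPort 18789"},
}

def platform_of(audit):
    """Pick the fallback platform: in_wsl / in_dsm take precedence over the bare os value."""
    if audit.get("in_wsl"):
        return "wsl"
    if audit.get("in_dsm") or audit.get("os_variant") == "dsm":
        return "dsm"
    return audit.get("os", "unknown")

def summarize(audit_json):
    """Severity counts, findings grouped by category, and fallbacks for failed checks."""
    audit = json.loads(audit_json)
    findings = sorted(audit.get("findings", []), key=lambda f: SEVERITY_ORDER.index(f["severity"]))
    counts = {sev: 0 for sev in SEVERITY_ORDER}
    by_category = defaultdict(list)
    for f in findings:
        counts[f["severity"]] += 1
        by_category[f["category"]].append(f"{SEVERITY_ICON[f['severity']]} {f['title']}")
    worst = next((s for s in SEVERITY_ORDER if counts[s]), None)  # verdict = most severe present
    platform = platform_of(audit)
    fallbacks = {c: FALLBACKS.get(c, {}).get(platform) for c in audit.get("failed_checks", [])}
    # Checks with no known fallback on this platform must be reported as incomplete (step 4).
    incomplete = [c for c, cmd in fallbacks.items() if cmd is None]
    return {"worst": worst, "counts": counts, "by_category": dict(by_category),
            "platform": platform, "fallbacks": fallbacks, "incomplete": incomplete}
```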
When user requests visual report:
```
bash ~/.openclaw/skills/secucheck/scripts/serve_dashboard.sh
```
Returns:
```json
{
  "status": "ok",
  "url": "http://localhost:8766/secucheck-report.html",
  "pid": 12345
}
```
Provide URL directly to user.
Read these only when a deep explanation is needed:
| File | Domain |
|------|--------|
| checks/runtime.md | Live system state |
| checks/channels.md | Channel policies |
| checks/agents.md | Agent permissions |
| checks/cron.md | Scheduled jobs |
| checks/skills.md | Installed skills |
| checks/sessions.md | Session isolation |
| checks/network.md | Network configuration |
Use these for expert-level explanations:
...
After installing Secucheck, you can say these things to the AI to trigger it:
Help me get started with Secucheck
Explains what Secucheck does, walks through the setup, and runs a quick demo based on your current project
Use Secucheck to comprehensive security audit for OpenClaw
Invokes Secucheck with the right parameters and returns the result directly in the conversation
What can I do with Secucheck in my marketing & growth workflow?
Lists the top use cases for Secucheck, with example commands for each scenario
Place the skill folder in ~/.claude/skills/secucheck/ (personal level, available to all projects) or .claude/skills/secucheck/ (project level). After restarting the AI client, invoke it explicitly with /secucheck, or let the AI discover and use it automatically based on context.
Secucheck supports Claude, Cursor, and OpenClaw, and integrates with these AI platforms to extend their capabilities.
Secucheck is free to install and use. See the repository for license information.
Secucheck is listed under the "Marketing & Growth" category; skills in this category help AI agents perform specialized tasks in that field.
Automate my marketing & growth tasks using Secucheck
Identifies repetitive steps in your workflow and sets up Secucheck to handle them automatically