openclaw-security-policy-check

OpenClaw 网关安全自动化审计与配置检查工具。自动检查 OpenClaw 配置文件中的常见安全风险，执行安全审计。适用于：

3,891 stars

Best use case

openclaw-security-policy-check is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

OpenClaw 网关安全自动化审计与配置检查工具。自动检查 OpenClaw 配置文件中的常见安全风险，执行安全审计。适用于：

Teams using openclaw-security-policy-check should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

You only need a quick one-off answer and do not need a reusable workflow.
You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/openclaw-security-policy-check/SKILL.md --create-dirs "https://raw.githubusercontent.com/openclaw/skills/main/skills/asantssec/openclaw-security-policy-check/SKILL.md"

Manual Installation

Download SKILL.md from GitHub
Place it in .claude/skills/openclaw-security-policy-check/SKILL.md inside your project
Restart your AI agent — it will auto-discover the skill

How openclaw-security-policy-check Compares

Feature / Agent	openclaw-security-policy-check	Standard Approach
Platform Support	Not specified	Limited / Varies
Context Awareness	High	Baseline
Installation Complexity	Unknown	N/A

Frequently Asked Questions

What does this skill do?

OpenClaw 网关安全自动化审计与配置检查工具。自动检查 OpenClaw 配置文件中的常见安全风险，执行安全审计。适用于：

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

Related Guides

AI Agents for Marketing

Discover AI agents for marketing workflows, from SEO and content production to campaign research, outreach, and analytics.

AI Agents for Startups

Explore AI agent skills for startup validation, product research, growth experiments, documentation, and fast execution with small teams.

AI Agents for Coding

Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.

SKILL.md Source

# OpenClaw Security Policy Check

自动化安全审计配置工具，检测 OpenClaw 网关常见安全配置问题。

## 使用方法

```bash
node {baseDir}/scripts/audit.cjs
```

## 工作流程

1. **读取配置文件**：自动定位 `~/.openclaw/openclaw.json`
2. **检查配置**：5 项关键安全配置
3. **执行审计**：运行 `openclaw security audit --deep`
4. **输出报告**：汇总修复结果和审计发现

## 检查项说明

| 配置项 | 不安全值 | 安全值 |
|--------|----------|--------|
| gateway.bind | 0.0.0.0 | 127.0.0.1 |
| gateway.auth.token | 短或默认 | 32位强随机 |
| controlUi.allowInsecureAuth | true | false |
| tools.exec.security | full | allowlist |
| tools.exec.ask | off | on-miss |

## 注意事项

- 首次使用建议备份配置文件
- 修改 token 后需要重启网关使配置生效
- 需要有 openclaw 命令行工具

Related Skills

botlearn-healthcheck

3891

from openclaw/skills

botlearn-healthcheck — BotLearn autonomous health inspector for OpenClaw instances across 5 domains (hardware, config, security, skills, autonomy); triggers on system check, health report, diagnostics, or scheduled heartbeat inspection.

DevOps & Infrastructure

openclaw-youtube

3891

from openclaw/skills

YouTube SERP Scout for agents. Search top-ranking videos, channels, and trends for content research and competitor tracking.

Content & Documentation

openclaw-search

3891

from openclaw/skills

Intelligent search for agents. Multi-source retrieval with confidence scoring - web, academic, and Tavily in one unified API.

Data & Research

openclaw-media-gen

3891

from openclaw/skills

Generate images & videos with AIsa. Gemini 3 Pro Image (image) + Qwen Wan 2.6 (video) via one API key.

Content & Documentation

Policy Writer

3891

from openclaw/skills

Generate professional internal policies for any business function — HR, IT, finance, compliance, data privacy, acceptable use, and more.

Business Management

OpenClaw Mastery — The Complete Agent Engineering & Operations System

3891

from openclaw/skills

> Built by AfrexAI — the team that runs 9+ production agents 24/7 on OpenClaw.

DevOps & Infrastructure

Cybersecurity Risk Assessment

3891

from openclaw/skills

You are a cybersecurity risk assessment specialist. When the user needs a security audit, threat assessment, or compliance review, follow this framework.

Security

afrexai-cybersecurity-engine

3891

from openclaw/skills

Complete cybersecurity assessment, threat modeling, and hardening system. Use when conducting security audits, threat modeling, penetration testing, incident response, or building security programs from scratch. Works with any stack — zero external dependencies.

Security

AI Governance Policy Builder

3891

from openclaw/skills

Build internal AI governance policies from scratch. Covers acceptable use, model selection, data handling, vendor contracts, compliance mapping, and board reporting.

time-checker

3891

from openclaw/skills

Check accurate current time, date, and timezone information for any location worldwide using time.is. Use when the user asks "what time is it in X", "current time in Y", or needs to verify timezone offsets.

General Utilities

security-guardian

3891

from openclaw/skills

Automated security auditing for OpenClaw projects. Scans for hardcoded secrets (API keys, tokens) and container vulnerabilities (CVEs) using Trivy. Provides structured reports to help maintain a clean and secure codebase.

Security

openclaw-safe-change-flow

3891

from openclaw/skills

Safe OpenClaw config change workflow with backup, minimal edits, validation, health checks, and rollback. Single-instance first; secondary instance optional.

DevOps & Infrastructure