SX-security-audit
全方位安全审计技能。检查文件权限、环境变量、依赖漏洞、配置文件、网络端口、Git 安全、Shell 安全、macOS 安全、密钥检测等。支持 CLI 参数、JSON 输出、配置文件。当用户要求"安全检查"、"漏洞扫描"、"权限检查"、"安全审计"时使用此技能。
About this skill
The SX-security-audit skill provides a wide-ranging security assessment across various layers of a system, code, and configurations. It meticulously checks for common vulnerabilities and misconfigurations, including overly permissive file access for sensitive directories, world-writable files, exposed API keys in configuration files and environment variables, insecure function calls in code, and known dependency vulnerabilities. Key areas of focus include auditing `.ssh`, `.aws`, and `.gnupg` permissions; scanning for SUID/SGID bits; identifying hardcoded secrets in code and `.bashrc`/`.zshrc`; checking `npm audit` results; assessing Git security practices; and listing network listening ports. For macOS environments, it can verify firewall, Gatekeeper, and System Integrity Protection (SIP) statuses. This skill is invaluable for developers, DevOps teams, and security professionals looking to automate their security posture checks. It enables proactive identification of potential security gaps, ensuring code and infrastructure adhere to best practices before deployment or during regular maintenance. The ability to generate JSON output makes it suitable for integration into CI/CD pipelines or automated reporting systems.
Best use case
The primary use case is to perform automated, comprehensive security audits of projects and system environments. Developers and security engineers can use it to quickly identify misconfigurations, exposed credentials, and vulnerabilities in their codebases, dependencies, and operating systems (especially macOS) as part of their development workflow or CI/CD processes, ensuring a hardened security posture.
全方位安全审计技能。检查文件权限、环境变量、依赖漏洞、配置文件、网络端口、Git 安全、Shell 安全、macOS 安全、密钥检测等。支持 CLI 参数、JSON 输出、配置文件。当用户要求"安全检查"、"漏洞扫描"、"权限检查"、"安全审计"时使用此技能。
A detailed report outlining detected security vulnerabilities, misconfigurations, exposed secrets, and overall security posture, optionally in a structured JSON format for programmatic consumption.
Practical example
Example input
请帮我进行一次全面的安全审计,重点检查权限、环境变量和依赖项漏洞,并输出JSON格式的报告。
Example output
```json
{
"summary": {
"total_findings": 5,
"critical": 0,
"high": 1,
"medium": 2,
"low": 2
},
"findings": [
{
"module": "dependencies",
"type": "vulnerability",
"severity": "high",
"description": "npm audit detected 1 high-severity vulnerability in 'lodash'."
},
{
"module": "env",
"type": "exposed_secret",
"severity": "medium",
"description": "Found potential AWS Access Key in environment variable 'AWS_SECRET_ACCESS_KEY'."
}
]
}
```When to use this skill
- Before deploying new code or services to production.
- As a scheduled security health check for existing systems and projects.
- During development to identify and fix security issues early.
- When investigating potential security incidents or breaches for initial assessment.
When not to use this skill
- As a replacement for manual penetration testing by human experts.
- For auditing highly specialized or proprietary systems not covered by its modules.
- If you require deep, contextual analysis of application-specific business logic vulnerabilities.
- When there's no programmatic access or execution environment for Python scripts.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/sx-security-audit-1-0-0/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How SX-security-audit Compares
| Feature / Agent | SX-security-audit | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | medium | N/A |
Frequently Asked Questions
What does this skill do?
全方位安全审计技能。检查文件权限、环境变量、依赖漏洞、配置文件、网络端口、Git 安全、Shell 安全、macOS 安全、密钥检测等。支持 CLI 参数、JSON 输出、配置文件。当用户要求"安全检查"、"漏洞扫描"、"权限检查"、"安全审计"时使用此技能。
How difficult is it to install?
The installation complexity is rated as medium. You can find the installation instructions above.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
Cursor vs Codex for AI Workflows
Compare Cursor and Codex for AI coding workflows, repository assistance, debugging, refactoring, and reusable developer skills.
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
SKILL.md Source
# Security Audit - 全方位安全审计技能
本技能提供全面的安全检查功能,涵盖系统、代码、配置等多个层面,并支持生成报告发送到飞书。
## 检查范围
本技能支持以下安全检查模块(可通过 `--check` 选择):
### 🔒 permissions - 权限与访问控制
- **敏感文件权限** - 检查 .ssh、.aws、.gnupg、OpenClaw 目录权限
- 使用位掩码 `actual_mode & ~expected_mode` 精确检测超出预期的权限位
### 🔓 world_writable - 世界可写文件检测
- 在 workspace 目录下扫描 o+w 权限的文件
- 检测 SUID/SGID 位设置的文件
### 🔐 config - OpenClaw 配置安全
- 使用正则模式检测配置文件中的真实密钥(AWS、GitHub、Slack、OpenAI 等)
- 检查 Gateway 认证方式
- 检查插件安装状态
### 📝 skills - Skills 代码安全
- 用正则模式匹配检测硬编码密钥
- 检查不安全的函数调用(eval、exec、os.system 等)
- 高熵字符串检测(Shannon entropy > 4.5)
### 📦 dependencies - 依赖与供应链安全
- 运行 `npm audit --json` 检查 NPM 依赖漏洞
- 正确处理 npm audit 非零返回码(有漏洞时返回非零)
- 按漏洞严重级别统计
### 🌍 env - 环境变量安全
- 扫描当前进程环境变量中的敏感信息
- 检测已知 API key 格式(sk-、ghp_、xoxb-、AKIA 等)
- 检测环境变量名称中的敏感关键词
### 🔀 git - Git 安全检查
- 检查 .gitignore 是否忽略了 .env、.secret、credentials 等
- 检查 git credential.helper 是否使用明文存储
- 扫描最近 commit diff 中的密钥模式
### 🌐 network - 网络端口扫描
- 使用 `lsof -i -P -n` 检查监听端口
- 标记监听 0.0.0.0(全接口暴露)的进程
- 列出所有监听端口清单
### 🐚 shell - Shell 安全检查
- 检查 .bash_history / .zsh_history 文件权限
- 扫描 .bashrc / .zshrc 中的明文 export 密钥
### 🍎 macos - macOS 安全检查(仅 macOS)
- 检查防火墙状态(socketfilterfw)
- 检查 Gatekeeper 状态(spctl)
- 检查 SIP 系统完整性保护状态(csrutil)
## 增强密钥检测
使用正则模式精确匹配已知密钥格式:
| 类型 | 模式 |
|------|------|
| AWS Access Key | `AKIA[0-9A-Z]{16}` |
| GitHub Token | `ghp_[a-zA-Z0-9]{36}` / `github_pat_` |
| Slack Token | `xox[bpas]-` |
| OpenAI/Anthropic Key | `sk-[a-zA-Z0-9]{20,}` |
| JWT Token | `eyJ[a-zA-Z0-9_-]+\.eyJ` |
| Private Key | `-----BEGIN PRIVATE KEY-----` |
同时支持 Shannon 信息熵检测(> 4.5 的高熵字符串视为可疑密钥)。
## CLI 使用方式
### 完整审计
```bash
python3 scripts/security_audit.py
```
### 指定检查模块
```bash
python3 scripts/security_audit.py --check permissions env git
```
### 过滤严重级别
```bash
python3 scripts/security_audit.py --severity high
```
### JSON 输出
```bash
python3 scripts/security_audit.py --json
python3 scripts/security_audit.py --json --output report.json
```
### 列出可用模块
```bash
python3 scripts/security_audit.py --list-checks
```
### 静默模式
```bash
python3 scripts/security_audit.py --quiet --json --output report.json
```
## 配置文件支持
创建 `.security-audit.json` 自定义审计行为:
```json
{
"excludePaths": [
"/tmp",
"node_modules"
],
"severityThreshold": "medium",
"autoFix": false,
"reportFormat": "markdown"
}
```
配置文件搜索顺序:
1. 当前目录 `.security-audit.json`
2. `~/.openclaw/.security-audit.json`
3. `~/.openclaw/workspace/.security-audit.json`
## 飞书报告
### 发送报告
```bash
# 富文本格式(默认)
python3 scripts/send_report_to_feishu.py report.md
# 卡片格式
python3 scripts/send_report_to_feishu.py report.md --format card
# 指定 Webhook
python3 scripts/send_report_to_feishu.py report.md --webhook https://...
```
### 支持的消息格式
- **text** - 纯文本消息
- **rich** - 飞书富文本(post 类型),包含标题、加粗等样式
- **card** - 交互式卡片,支持颜色标签(红/橙/绿),摘要卡片化展示
### 发送方式优先级
1. OpenClaw 插件 API(如已配置飞书插件)
2. 飞书 Webhook(通过 `--webhook` 或 `FEISHU_WEBHOOK_URL` 环境变量)
3. 保存格式化消息供手动发送
## 报告格式
审计报告包含以下部分:
### 📊 执行摘要
- 审计时间、检查范围
- 通过/警告/失败统计
- 风险等级分布(严重/高/中/低)
### 🔍 详细检查结果
每个检查项包含:状态、风险等级、问题描述、影响范围、修复建议
### 📋 优先修复清单
按风险等级排序的问题列表,附带修复命令
## 参考资料
- [权限检查规则](references/permissions.md)
- [密钥检测规则](references/secrets-detection.md)
- [依赖漏洞扫描](references/dependency-audit.md)
- [代码安全最佳实践](references/code-security.md)
## 注意事项
- 首次运行可能需要安装额外依赖(`npm audit` 等)
- 某些检查需要 sudo/root 权限(如完整端口扫描)
- macOS 安全检查仅在 Darwin 平台执行
- 报告发送到飞书需要飞书插件已配置或提供 Webhook URL
---
**技能维护者**: 小小宝 🐾✨
**最后更新**: 2026-03-12Related Skills
Cybersecurity Risk Assessment
You are a cybersecurity risk assessment specialist. When the user needs a security audit, threat assessment, or compliance review, follow this framework.
afrexai-cybersecurity-engine
Complete cybersecurity assessment, threat modeling, and hardening system. Use when conducting security audits, threat modeling, penetration testing, incident response, or building security programs from scratch. Works with any stack — zero external dependencies.
Compliance & Audit Readiness Engine
Your AI compliance officer. Guides startups and scale-ups through SOC 2, ISO 27001, GDPR, HIPAA, and PCI DSS — from zero to audit-ready. No consultants needed.
Compliance Audit Generator
Run internal compliance audits against major frameworks without hiring a consultant.
AI Safety Audit
Comprehensive AI safety and alignment audit framework for businesses deploying AI agents. Built around the UK AI Security Institute Alignment Project standards (2026), EU AI Act requirements, and NIST AI RMF.
security-guardian
Automated security auditing for OpenClaw projects. Scans for hardcoded secrets (API keys, tokens) and container vulnerabilities (CVEs) using Trivy. Provides structured reports to help maintain a clean and secure codebase.
Skill Audit 🔍
扫描 OpenClaw skills 中的安全风险,防止供应链攻击。
HIPAA Compliance for AI Agents
Generate HIPAA compliance checklists, risk assessments, and audit frameworks for healthcare organizations deploying AI agents.
Data Governance Framework
Assess, score, and remediate your organization's data governance posture across 6 domains.
clickhouse-github-forensics
Query GitHub event data via ClickHouse for supply chain investigations, actor profiling, and anomaly detection. Use when investigating GitHub-based attacks, tracking repository activity, analyzing actor behavior patterns, detecting tag/release tampering, or reconstructing incident timelines from public GitHub data. Triggers on GitHub supply chain attacks, repo compromise investigations, actor attribution, tag poisoning, or "query github events".
mema-vault
Secure credential manager using AES-256 (Fernet) encryption. Stores, retrieves, and rotates secrets using a mandatory Master Key. Use for managing API keys, database credentials, and other sensitive tokens.
guardian-wall
Mitigate prompt injection attacks, especially indirect ones from external web content or files. Use this skill when processing untrusted text from the internet, user-uploaded files, or any external source to sanitize content and detect malicious instructions (e.g., "ignore previous instructions", "system override").