macOS:

sw_vers
lsof -nP -iTCP -sTCP:LISTEN
/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate
pfctl -s info
tmutil status
fdesetup status
softwareupdate --schedule

Linux:

cat /etc/os-release
ss -ltnup || ss -ltnp
ufw status || firewall-cmd --state || nft list ruleset
systemctl status ssh sshd
lsblk -f

Windows:

systeminfo
Get-NetFirewallProfile
Get-BitLockerVolume

Risk profile

After context is known, ask desired posture:

1. Convenience: local/private, minimal prompts.
2. Balanced: secure defaults, low friction.
3. Strict: remote/public/sensitive data, more lock-down.

Report shape

• Current posture: one paragraph.
• Findings: severity + evidence + why it matters.
• Recommended plan: staged, reversible.
• Commands: read-only first; write actions only after approval.
• Gaps: what could not be checked.

Hardening menu

Offer only relevant items:

• Bind gateway to loopback/LAN/tailnet intentionally.
• Require auth for remote access.
• Close public ports or restrict by firewall.
• Enable OS security updates.
• Enable disk encryption.
• Verify backups and restore path.
• Disable password SSH or require keys/MFA where appropriate.
• Add scheduled openclaw security audit --deep.

Confirm exact action before applying.

sonoscli

帮助你发现并控制 Sonos 音箱，执行播放、音量和分组等操作。