Audit and harden OpenClaw hosts for security and operational health.
This skill appears to be a host security-check prompt/workflow. It requires no secrets, declares no remote endpoints, and comes from an auditable open-source GitHub project with very strong community adoption. Overall risk is low, though it does guide a host agent to run local read-only security inspection commands, so it should still be used in a controlled, least-privilege environment.
The material explicitly states that no keys or environment variables are required, and the README says 'Never print secrets.' There is no visible design for collecting, uploading, or abusing credentials; credential risk is low.
No remote endpoint is declared, and the system checks also indicate no host. The documentation focuses on local/host security posture checks and does not describe sending user data to third-party services.
Although the system marks it as prompt-only, the README explicitly guides execution of local read-only commands such as `openclaw security audit --deep`, `ss`, and `systeminfo` for inspection. This is a typical local checking capability with no clear signs of privilege abuse or covert execution, but the runtime context and permission boundaries still matter.
The documentation suggests reading OS version, firewall status, listening ports, disk encryption, backups, and SSH status. This is read-only access aligned with the stated purpose, with no visible request to write arbitrary files or access unrelated data, though it does touch a meaningful range of system configuration and status information.
The source is an open-source GitHub repository, and the system labels it as open-source with extremely high community adoption (~377k stars), which are strong risk-reducing signals. The license and maintenance status are unclear, which is a minor information gap, but not enough to raise it to high risk without other red flags.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "healthcheck" skill from askskill: 1. Download https://raw.githubusercontent.com/openclaw/openclaw/main/skills/healthcheck/SKILL.md 2. Save it as ~/.claude/skills/healthcheck/SKILL.md 3. Reload skills and tell me it's ready
Please audit the security baseline of this OpenClaw host. Focus on SSH settings, firewall rules, system update status, and public exposure, then provide hardening recommendations prioritized by risk.
A risk-ranked security audit with findings, impact explanations, and specific hardening recommendations.
Please assess the OpenClaw host's backup strategy and disk encryption status. Explain current risks, missing controls, and how to meet basic disaster recovery and data protection requirements.
An assessment report on backups and encryption, listing risks, remediation items, and recommended configuration directions.
Please review OpenClaw gateway security and perimeter exposure, including entry services, open ports, access controls, and possible misconfigurations, then provide a prioritized remediation list.
A gateway security review describing exposure, configuration issues, and a prioritized remediation plan.
Goal: assess host risk, run read-only checks, then propose staged hardening without breaking access.
Ask only for missing facts. Simple phrasing preferred.
Ask once for permission to run read-only checks. Then run relevant commands.
Common:
openclaw security audit --deep
openclaw gateway status --deep
openclaw doctor
macOS:
sw_vers
lsof -nP -iTCP -sTCP:LISTEN
/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate
pfctl -s info
tmutil status
fdesetup status
softwareupdate --schedule
Linux:
cat /etc/os-release
ss -ltnup || ss -ltnp
ufw status || firewall-cmd --state || nft list ruleset
systemctl status ssh sshd
lsblk -f
Windows:
systeminfo
Get-NetFirewallProfile
Get-BitLockerVolume
After context is known, ask desired posture:
Offer only relevant items:
openclaw security audit --deep.Confirm exact action before applying.
Verify an OpenClaw release is fully published and working across all channels.
Fetch GitHub issues, create fixes, open PRs, and handle reviews.
Convert text to speech locally and offline with sherpa-onnx, no cloud needed.
Regenerate OpenClaw release changelog sections from Git history before releases.
Prepare and verify OpenClaw stable or beta releases and release notes.
Create and review technical docs and agent instruction files in repositories.
Inspect, patch, validate, and publish OpenClaw GHSA advisories securely.
Refactor OpenClaw docs pages with source-checked preservation, clearer structure, and verification.
Diagnose OpenClaw node pairing, auth, routing, and connection issues.
Helps maintainers triage, clean up, and resolve OpenClaw secret scanning alerts.
Run, debug, monitor, and summarize OpenClaw release CI workflows.
Connect OpenClaw to Claude Desktop for cross-assistant AI interaction.