# Security Audit Skill
## When to use
Run a security audit to identify vulnerabilities in your Clawdbot setup before deployment or on a schedule. Use auto-fix to remediate common issues automatically.
## Setup
No external dependencies required. Uses native system tools where available.
## How to
### Quick audit (common issues)
```bash
node skills/security-audit/scripts/audit.cjs
```
### Full audit (comprehensive scan)
```bash
node skills/security-audit/scripts/audit.cjs --full
```
### Auto-fix common issues
```bash
node skills/security-audit/scripts/audit.cjs --fix
```
### Audit specific areas
```bash
node skills/security-audit/scripts/audit.cjs --credentials   # Check for exposed API keys
node skills/security-audit/scripts/audit.cjs --ports         # Scan for open ports
node skills/security-audit/scripts/audit.cjs --configs       # Validate configuration
node skills/security-audit/scripts/audit.cjs --permissions   # Check file permissions
node skills/security-audit/scripts/audit.cjs --docker        # Docker security checks
```
### Generate report
```bash
node skills/security-audit/scripts/audit.cjs --full --json > audit-report.json
```
## Output
The audit produces a report with:
| Level | Description |
|-------|-------------|
| 🔴 CRITICAL | Immediate action required (exposed credentials) |
| 🟠 HIGH | Significant risk, fix soon |
| 🟡 MEDIUM | Moderate concern |
| 🟢 INFO | FYI, no action needed |
## Checks Performed
### Credentials
- API keys in environment files
- Tokens in command history
- Hardcoded secrets in code
- Weak password patterns

### Ports
- Unexpected open ports
- Services exposed to the internet
- Missing firewall rules

### Configs
- Missing rate limiting
- Disabled authentication
- Default credentials
- Open CORS policies

### Files
- World-readable files
- Files executable by anyone
- Sensitive files in public directories

### Docker
- Privileged containers
- Missing resource limits
- Root user in container
## Auto-Fix
The `--fix` option automatically:
- Sets restrictive file permissions (600 on .env)
- Secures sensitive configuration files
- Creates .gitignore if missing
- Enables basic security headers
## Related skills
- `security-monitor` - Real-time monitoring (available separately)