security-monitor

Comprehensive security audit for OpenClaw deployments. Checks Docker port bindings, SSH config, openclaw.json settings, file permissions, exposed services, and firewall rules. Scores your deployment 0-100 with actionable recommendations. Use for security hardening and compliance checks.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Install skill "security-monitor" with this command: npx skills add aiwithabidi/security-monitor-deploy

Security Monitor 🛡️

Comprehensive security audit for OpenClaw deployments.

Scans your Docker configuration, SSH settings, firewall rules, OpenClaw config, and file permissions. Produces a security score (0-100) with actionable recommendations.

Quick Start

# Run full audit
bash {baseDir}/scripts/security_audit.sh

# JSON output
bash {baseDir}/scripts/security_audit.sh --json

# Specific checks only
bash {baseDir}/scripts/security_audit.sh --check docker
bash {baseDir}/scripts/security_audit.sh --check ssh
bash {baseDir}/scripts/security_audit.sh --check config
bash {baseDir}/scripts/security_audit.sh --check files
bash {baseDir}/scripts/security_audit.sh --check network

What It Checks

OpenClaw Config (25 points)

  • allowInsecureAuth must be false
  • dmPolicy must not be open/allow-all
  • Port bindings must use 127.0.0.1
  • API keys not hardcoded in config
  • Secure model permissions

Docker Security (25 points)

  • All port bindings use 127.0.0.1 (not 0.0.0.0)
  • No privileged containers (except where necessary)
  • Docker socket permissions
  • Container resource limits
  • No --net=host unless needed
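
The loopback-binding check described above, as an added example: it is not the skill's own security_audit.sh. It assumes input in the form printed by `docker ps --format '{{.Names}}\t{{.Ports}}'`; the function name and the sample containers and ports are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not the skill's security_audit.sh): flag published Docker
# ports whose host side is not a loopback address.
# Input: one "<name><TAB><ports>" line per container, the shape printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'

find_public_bindings() {
  awk -F'\t' '
    {
      n = split($2, specs, /, */)
      for (i = 1; i <= n; i++) {
        spec = specs[i]
        if (spec !~ /->/) continue            # exposed only, never published
        host = spec
        sub(/->.*/, "", host)                 # host side, e.g. 0.0.0.0:443
        if (host ~ /^127\./ || host ~ /^\[::1\]:/) continue   # loopback
        print $1 " " spec
      }
    }'
}

# Constructed sample input: container names other than "openclaw" and all
# port numbers are made up for illustration.
SAMPLE_PS=$(printf '%s\t%s\n' \
  openclaw '127.0.0.1:3000->3000/tcp' \
  proxy    '0.0.0.0:443->443/tcp, [::]:443->443/tcp' \
  db       '5432/tcp' \
  metrics  '0.0.0.0:9090->9090/tcp, 127.0.0.1:9091->9091/tcp')

findings=$(printf '%s\n' "$SAMPLE_PS" | find_public_bindings)
if [ -n "$findings" ]; then
  printf '%s\n' "$findings" | sed 's/^/[DOCKER] non-loopback binding: /'
else
  echo "[DOCKER] all published ports bind to loopback"
fi
```

Docker writes its own iptables rules for published ports, so a binding on 0.0.0.0 can be reachable from outside even when UFW reports active. To run against a live host, pipe the `docker ps` command above into `find_public_bindings` instead of the sample.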

SSH Configuration (20 points)

  • Root login disabled (PermitRootLogin no)
  • Password authentication disabled
  • Key-based auth only
  • Non-standard port (bonus)
  • Fail2ban or similar active

Network & Services (15 points)

  • No unnecessary exposed ports
  • Firewall active (ufw/iptables)
  • Only expected services listening
  • HTTPS/TLS termination configured

File Permissions (15 points)

  • openclaw.json not world-readable
  • SSH keys have proper permissions (600)
  • .env files not world-readable
  • Docker socket permissions
  • No sensitive files in /tmp

Scoring

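| Score  | Rating       | Meaning                   |
|--------|--------------|---------------------------|
| 90-100 | 🟢 Excellent | Production-ready          |
| 70-89  | 🟡 Good      | Minor improvements needed |
| 50-69  | 🟠 Fair      | Several issues to address |
| 0-49   | 🔴 Critical  | Immediate action required |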

Output Example

═══ Security Audit Report ═══
Date: 2026-02-15 00:30:00

[CONFIG] ✅ allowInsecureAuth: false
[CONFIG] ✅ dmPolicy: allowlist
[CONFIG] ✅ Ports bound to 127.0.0.1
[DOCKER] ✅ All containers bind to 127.0.0.1
[DOCKER] ⚠️  No resource limits on openclaw container
[SSH]    ✅ Root login disabled
[SSH]    ✅ Password auth disabled
[NET]    ✅ UFW active
[FILES]  ✅ Config file permissions OK

Score: 92/100 — 🟢 Excellent
Issues: 1 warning

Recommendations:
  1. Add resource limits to Docker containers

Credits

Built by M. Abidi | agxntsix.ai | YouTube | GitHub

Part of the AgxntSix Skill Suite for OpenClaw agents.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.