Skills openclaw-security-policy-check
Automated security audit and configuration check tool for the OpenClaw gateway. Automatically checks the OpenClaw configuration file for common security risks and runs a security audit. Suitable for:
install
source · Clone the upstream repo
git clone https://github.com/openclaw/skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/asantssec/openclaw-security-policy-check" ~/.claude/skills/clawdbot-skills-openclaw-security-policy-check && rm -rf "$T"
OpenClaw · Install into ~/.openclaw/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.openclaw/skills && cp -r "$T/skills/asantssec/openclaw-security-policy-check" ~/.openclaw/skills/clawdbot-skills-openclaw-security-policy-check && rm -rf "$T"
manifest:
skills/asantssec/openclaw-security-policy-check/SKILL.md (source content)
OpenClaw Security Policy Check
Automated security audit and configuration tool that detects common security misconfigurations in the OpenClaw gateway.
Usage
node {baseDir}/scripts/audit.cjs
Workflow
- Read the configuration file: automatically locates ~/.openclaw/openclaw.json
- Check the configuration: 5 key security settings
- Run the audit: executes openclaw security audit --deep
- Output a report: summarizes the fixes applied and the audit findings
Check items
| Configuration key | Insecure value | Secure value |
|---|---|---|
| gateway.bind | 0.0.0.0 | 127.0.0.1 |
| gateway.auth.token | short or default | 32-character strong random string |
| controlUi.allowInsecureAuth | true | false |
| tools.exec.security | full | allowlist |
| tools.exec.ask | off | on-miss |
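The table above is the whole policy; as an added example (not the skill's own audit.cjs), here is a pure-function checker that evaluates a parsed openclaw.json object against those five keys and reports each insecure value with its recommended replacement. The dotted key paths are assumed to map directly to nested JSON objects, and "short or default" is interpreted as a token that is missing or shorter than 32 characters; the sample config is constructed for the demo.

```javascript
// Policy derived from the table above. Assumption: each dotted key is a
// nested path in openclaw.json (gateway.bind -> config.gateway.bind).
const CHECKS = [
  { key: 'gateway.bind', insecure: v => v === '0.0.0.0', secure: '127.0.0.1' },
  // Assumption: "short or default" == missing or fewer than 32 characters.
  { key: 'gateway.auth.token', insecure: v => typeof v !== 'string' || v.length < 32,
    secure: '32-character strong random string' },
  { key: 'controlUi.allowInsecureAuth', insecure: v => v === true, secure: 'false' },
  { key: 'tools.exec.security', insecure: v => v === 'full', secure: 'allowlist' },
  { key: 'tools.exec.ask', insecure: v => v === 'off', secure: 'on-miss' },
];

// Resolve a dotted path; returns undefined if any segment is missing.
function getPath(obj, path) {
  return path.split('.').reduce((o, k) => (o == null ? undefined : o[k]), obj);
}

// Return one finding per check whose current value is insecure.
// A missing key is only flagged where absence itself is unsafe (the token).
function auditConfig(config) {
  const findings = [];
  for (const check of CHECKS) {
    const current = getPath(config, check.key);
    if (check.insecure(current)) {
      findings.push({ key: check.key, current, recommended: check.secure });
    }
  }
  return findings;
}

// Constructed sample config, not from a real deployment: four of the five
// settings are insecure, tools.exec.security is already hardened.
const SAMPLE_CONFIG = {
  gateway: { bind: '0.0.0.0', auth: { token: 'changeme' } },
  controlUi: { allowInsecureAuth: true },
  tools: { exec: { security: 'allowlist', ask: 'off' } },
};

for (const f of auditConfig(SAMPLE_CONFIG)) {
  console.log(`[INSECURE] ${f.key} = ${JSON.stringify(f.current)} -> set to ${f.recommended}`);
}
```

In the real skill, the config object would come from JSON.parse of ~/.openclaw/openclaw.json before the openclaw security audit --deep step runs.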
Notes
- Back up the configuration file before first use.
- After changing the token, restart the gateway for the new configuration to take effect.
- Requires the openclaw command-line tool.