| name | description |
|---|---|
| security-audit | Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included. |
Run a security audit to identify vulnerabilities in your Clawdbot setup before deployment or on a schedule. Use auto-fix to remediate common issues automatically.
No external dependencies required. Uses native system tools where available.
Run the default audit, the full audit, auto-fix, or a single category of checks:

```bash
node skills/security-audit/scripts/audit.cjs                 # Default audit
node skills/security-audit/scripts/audit.cjs --full          # Full audit, all checks
node skills/security-audit/scripts/audit.cjs --fix           # Audit and auto-fix common issues
node skills/security-audit/scripts/audit.cjs --credentials   # Check for exposed API keys
node skills/security-audit/scripts/audit.cjs --ports         # Scan for open ports
node skills/security-audit/scripts/audit.cjs --configs       # Validate configuration
node skills/security-audit/scripts/audit.cjs --permissions   # Check file permissions
node skills/security-audit/scripts/audit.cjs --docker        # Docker security checks
node skills/security-audit/scripts/audit.cjs --full --json > audit-report.json   # Machine-readable report
```

Each finding in the report carries one of these severity levels:
| Level | Description |
|---|---|
| 🔴 CRITICAL | Immediate action required (exposed credentials) |
| 🟠 HIGH | Significant risk, fix soon |
| 🟡 MEDIUM | Moderate concern |
| 🟢 INFO | FYI, no action needed |
The checks, grouped by the flag that runs each group on its own:

**Credentials (`--credentials`)**
- API keys in environment files
- Tokens in shell command history
- Hardcoded secrets in code
- Weak password patterns

**Network (`--ports`)**
- Unexpected open ports
- Services exposed to the internet
- Missing firewall rules

**Configuration (`--configs`)**
- Missing rate limiting
- Disabled authentication
- Default credentials
- Open (wildcard) CORS policies

**File permissions (`--permissions`)**
- World-readable files
- Files executable by anyone
- Sensitive files in public directories

**Docker (`--docker`)**
- Privileged containers
- Missing resource limits
- Containers running as root
The `--fix` option automatically:
- Sets restrictive file permissions (600 on `.env`)
- Secures sensitive configuration files
- Creates `.gitignore` if missing
- Enables basic security headers

`--fix` changes files in place. Run the audit without it first and review the report, then apply the fixes.
Related skill: `security-monitor` for real-time monitoring (available separately).