DevOps & CloudDocumentedScanned
security-audit
Comprehensive security auditing for Clawdbot deployments.
Share:
Installation
npx clawhub@latest install security-auditView the full skill documentation and source below.
Documentation
Security Audit Skill
When to use
Run a security audit to identify vulnerabilities in your Clawdbot setup before deployment or on a schedule. Use auto-fix to remediate common issues automatically.
Setup
No external dependencies required. Uses native system tools where available.
How to
Quick audit (common issues)
node skills/security-audit/scripts/audit.cjsFull audit (comprehensive scan)
node skills/security-audit/scripts/audit.cjs --fullAuto-fix common issues
node skills/security-audit/scripts/audit.cjs --fixAudit specific areas
node skills/security-audit/scripts/audit.cjs --credentials # Check for exposed API keys
node skills/security-audit/scripts/audit.cjs --ports # Scan for open ports
node skills/security-audit/scripts/audit.cjs --configs # Validate configuration
node skills/security-audit/scripts/audit.cjs --permissions # Check file permissions
node skills/security-audit/scripts/audit.cjs --docker # Docker security checksGenerate report
node skills/security-audit/scripts/audit.cjs --full --json > audit-report.jsonOutput
The audit produces a report with:
| Level | Description |
| 🔴 CRITICAL | Immediate action required (exposed credentials) |
| 🟠 HIGH | Significant risk, fix soon |
| 🟡 MEDIUM | Moderate concern |
| 🟢 INFO | FYI, no action needed |
Checks Performed
Credentials
- API keys in environment files
- Tokens in command history
- Hardcoded secrets in code
- Weak password patterns
Ports
- Unexpected open ports
- Services exposed to internet
- Missing firewall rules
Configs
- Missing rate limiting
- Disabled authentication
- Default credentials
- Open CORS policies
Files
- World-readable files
- Executable by anyone
- Sensitive files in public dirs
Docker
- Privileged containers
- Missing resource limits
- Root user in container
Auto-Fix
The --fix option automatically:
- Sets restrictive file permissions (600 on .env)
- Secures sensitive configuration files
- Creates .gitignore if missing
- Enables basic security headers
Related skills
security-monitor- Real-time monitoring (available separately)