Clawvitals
Security vitals checker for OpenClaw, providing enhanced checks and functionality beyond the ClawVitals skill (https://clawhub.ai/bk-cm/clawvitals). Checks your installation for common misconfigurations and security issues, with scheduled scans, delta detection, regression alerts, and scan history. Full details: https://clawvitals.io/plugin
Install
openclaw plugins install clawhub:claw-security-vitals
Configuration Example
{
"controls": { "mode": "expanded" }
}
README
# ClawVitals Plugin
Security vitals checker for self-hosted [OpenClaw](https://openclaw.ai) installations. Recurring security checks, scan history, delta detection, and regression-aware alerting.
> This is the **plugin**: the stateful, scheduled, telemetry-enabled upgrade from the [ClawVitals Skill](https://clawhub.ai/bk-cm/clawvitals).
---
## Contents
- [Skill vs Plugin](#skill-vs-plugin)
- [Install](#install)
- [Uninstall](#uninstall)
- [Commands](#commands)
- [Agent tools](#agent-tools)
- [Standard vs Expanded controls](#standard-vs-expanded-controls)
- [Example output](#example-output)
- [Regression alerts](#regression-alerts)
- [Scheduling](#scheduling)
- [Fleet Management](#fleet-management)
- [Exclusion management](#exclusion-management)
- [Telemetry](#telemetry)
- [Configuration](#configuration)
- [Directory structure](#directory-structure)
- [License](#license)
---
## Skill vs Plugin
The **ClawVitals skill** (on ClawHub) is stateless: it runs a point-in-time scan, prints the result, and stores nothing. No telemetry, no network calls, no persistent state. It is locked and will not change.
The **plugin** is the upgrade path. It adds everything the skill deliberately omits:
| Feature | Skill | Plugin |
|---|---|---|
| Scan & score | ✅ | ✅ |
| Remediation steps | ✅ | ✅ |
| Experimental controls | ✅ | ✅ |
| Scan history & delta detection | ❌ | ✅ |
| Recurring scheduled scans | ❌ | ✅ |
| Regression + critical alerts | ❌ | ✅ |
| Exclusion management | ❌ | ✅ |
| Scan history on dashboard (coming soon) | ❌ | ✅ |
| Fleet management (alias) | ❌ | ✅ |
| Telemetry | none | **on by default (opt-out)** |
---
## Install
ClawVitals Plugin is published on [ClawHub](https://clawhub.ai/plugins/claw-security-vitals).
```bash
openclaw plugins install clawhub:claw-security-vitals
```
After installing, run your first scan:
```
run clawvitals
```
---
## Uninstall
```bash
openclaw plugins uninstall claw-security-vitals
```
After uninstalling, `run clawvitals` will fall back to the skill if it is still installed, or return a "not found" error if neither is installed.
> **Note:** Uninstalling does not delete your scan history. Run files are stored at `{workspace}/clawvitals/runs/` and are retained according to your configured retention policy (default: 90 days). To remove all data, delete this directory manually.
---
## Commands
These are chat commands you type directly in your OpenClaw messaging surface:
| Command | Description |
|---|---|
| `run clawvitals` | Run a full security scan (standard controls) |
| `run clawvitals --expanded` | Run scan with expanded system-level controls (see [expanded controls](#standard-vs-expanded-controls)) |
| `run clawvitals --standard` | Run scan with standard controls only (explicit) |
| `show clawvitals details` | Full report with all findings and remediation steps |
| `clawvitals status` | Show last scan time, score, schedule, and trial/plan status |
| `clawvitals help` | Show command reference |
---
## Agent tools
The following tools are invoked by the agent (not typed as chat commands). You can trigger them via natural language; for example, say "set clawvitals schedule to daily" and the agent will call the appropriate tool.
| Tool | Description |
|---|---|
| `clawvitals_set_alias` | Set a friendly name for this host in reports and dashboard |
| `clawvitals_show_identity` | Show install UUID, alias, and dashboard link |
| `clawvitals_telemetry` | Enable or disable telemetry |
| `clawvitals_set_schedule` | Configure recurring scan cadence |
| `clawvitals_status` | Show current status |
| `clawvitals_trial_status` | Show trial status and upgrade options |
| `clawvitals_upgrade` | Upgrade to a paid plan |
| `clawvitals_configure_webhook` | Set up a webhook for alert delivery |
| `clawvitals_exclude` | Suppress a finding with a reason |
| `clawvitals_list_exclusions` | List all active exclusions |
| `clawvitals_remove_exclusion` | Remove an exclusion |
| `clawvitals_get_report` | Retrieve a scan report |
| `clawvitals_approve_cognitive_file` | Approve a cognitive file |
---
## Standard vs Expanded controls
By default the plugin runs in **standard mode**, the same OpenClaw-native control set as the skill, plus scan history, delta detection, and alerting. Standard mode uses only the OpenClaw CLI (`openclaw security audit`, `openclaw health`, etc.) and requires no additional permissions.
**Expanded mode** adds a second layer of system-level checks that require direct filesystem and shell access. These are the checks the skill can never do.
### Switch to expanded mode
```
run clawvitals --expanded # one-off expanded scan
run clawvitals --standard # one-off standard scan (explicit default)
```
Or set it as your default via `openclaw.plugin.json`:
```json
{
"controls": { "mode": "expanded" }
}
```
### What expanded mode adds
| ID | Control | Severity | What it checks |
|---|---|---|---|
| **NC-OLLAMA-001** | Ollama not externally accessible | 🔴 Critical | Checks whether Ollama is running and if port 11434 is bound to a public interface. 175,000+ exposed Ollama instances found in 2026; active "LLMjacking" attacks target this. |
| **NC-NET-001** | Management interfaces not internet-exposed | 🔴 Critical | Scans open ports for SSH (22), Docker API (2375/2376), and common admin dashboards (8080, 9000) and checks whether they're reachable beyond localhost. |
| **NC-SECRET-001** | No secrets in env/config files | 🔴 Critical | Regex-scans `~/.env`, `.envrc`, and common config files for API key patterns. The most common cause of credential compromise. |
| **NC-SECRET-002** | No API keys in shell history | 🟠 High | Scans `~/.zsh_history` and `~/.bash_history` for secret patterns (API keys, tokens, passwords passed as arguments). Commonly overlooked. |
| **NC-TUNNEL-001** | Cloudflare tunnel endpoints authenticated | 🟠 High | Checks `~/.cloudflared/` config to confirm tunnel-exposed services require authentication. Unauthenticated tunnels are an open door. |
| **NC-DOCKER-001** | Containers not running as root or privileged | 🟠 High | Runs `docker inspect` on running containers to check for `--privileged`, root user, or dangerous capability grants. Aligns with CIS Docker Benchmark. |
| **NC-OS-001** | OS auto-updates enabled | 🟠 High | Checks that automatic OS updates are enabled (`softwareupdate` on macOS, `unattended-upgrades` on Linux). Often neglected on self-hosted machines. |
| **NC-OS-002** | Disk encryption enabled | 🟠 High | Checks FileVault status (macOS) or LUKS encryption (Linux). Critical for Mac Mini and home server deployments where physical access is a real risk. |
All expanded checks are **read-only**: nothing is modified. See [SECURITY.md](./SECURITY.md) for the full list of commands and file paths accessed.
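To make the two read-only checks above concrete, here is an added illustration (not the plugin's own code) of the logic behind NC-OLLAMA-001 and NC-SECRET-002: it parses `ss -ltn`-style listener output to decide whether port 11434 is bound beyond loopback, and scans shell-history lines for secret patterns while reporting only the pattern name and line number, never the value. The listener table, the history lines and the key-like strings are constructed samples.

```python
import re

# Constructed sample of `ss -ltn`-style listener output; not captured from a real host.
SAMPLE_LISTENERS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:22        0.0.0.0:*
LISTEN 0      4096   0.0.0.0:11434       0.0.0.0:*
LISTEN 0      4096   [::1]:8080          [::]:*
"""
LOOPBACK_PREFIXES = ("127.", "[::1]", "::1")

def parse_listeners(ss_output):
    """Return (address, port) for each LISTEN row of ss-style output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # rpartition keeps IPv6 brackets intact
        listeners.append((addr, int(port)))
    return listeners

def check_ollama_exposed(ss_output, port=11434):
    """NC-OLLAMA-001: evidence string if the Ollama port is bound beyond loopback, else None."""
    for addr, p in parse_listeners(ss_output):
        if p == port and not addr.startswith(LOOPBACK_PREFIXES):
            return f"Port {port} bound to {addr}, accessible from outside localhost"
    return None

# NC-SECRET-002-style patterns; the report carries the pattern name, never the matched value.
SECRET_PATTERNS = {
    "OpenAI-style key": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}"),
    "AWS access key id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}
# Constructed shell-history lines; the key-like values are deliberately fake.
SAMPLE_HISTORY = [
    "ls -la",
    "export OPENAI_API_KEY=sk-EXAMPLEexampleEXAMPLEexample1234",
    "docker run -p 8080:80 nginx",
    "aws configure set aws_access_key_id AKIAIOSFODNN7EXAMPLE",
]

def scan_history(lines):
    """Return (line_number, pattern_name) for every history line matching a secret pattern."""
    findings = []
    for n, line in enumerate(lines, start=1):
        for name, rx in SECRET_PATTERNS.items():
            if rx.search(line):
                findings.append((n, name))
    return findings
```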
### Expanded mode output
When expanded mode runs, the report clearly labels the section:
```
ClawVitals Plugin v1.0.1 · Expanded Scan
─── STANDARD CONTROLS ─────────────────────
[standard control results: see example output below]
─── EXPANDED CONTROLS ─────────────────────
🔴 CRITICAL NC-OLLAMA-001 Ollama externally accessible
   Evidence: Port 11434 bound to 0.0.0.0, accessible from outside localhost
   Fix: Set OLLAMA_HOST=127.0.0.1 in your Ollama environment and restart:
        launchctl setenv OLLAMA_HOST "127.0.0.1"   # macOS
        systemctl edit ollama                       # Linux (add Environment=OLLAMA_HOST=127.0.0.1)
   → https://clawvitals.io/docs/NC-OLLAMA-001
🟠 HIGH NC-SECRET-002 API key pattern found in shell history
   Evidence: Pattern matching sk-... found in ~/.zsh_history (line ~342)
   Fix: Run `history -c` to clear in-memory history, then manually edit ~/.zsh_history
        to remove the line. Rotate the exposed key immediately.
   → https://clawvitals.io/docs/NC-SECRET-002
✅ NC-NET-001 No management interfaces exposed
✅ NC-SECRET-001 No secrets found in env/config files
✅ NC-TUNNEL-001 Cloudflare tunnel endpoints authenticated
✅ NC-DOCKER-001 Containers not privileged
✅ NC-OS-001 Auto-updates enabled
✅ NC-OS-002 Disk encryption enabled (FileVault ON)
Expanded score: 2 new findings · 6 passed
```
---
## Example output
### Summary message (after `run clawvitals`)
```
ClawVitals Plugin v1.0.1
🔴 Security Score: 58 / 100 · RED
Host: mac-mini-home · Scanned: 2026-04-15 15:38 BST
Findings: 2 Critical · 1 High · 1 Medium
Delta: ▲ 1 new finding since last scan (2026-04-08)
─────────────────────────────────────────
CRITICAL NC-OC-012 Gateway auth disabled
CRITICAL NC-OC-003 Command policy: deny-only mode
HIGH     NC-VERS-001 OpenClaw update available (2026.3.13 → 2026.4.1)
MEDIUM   NC-OC-008 Channel health degraded
▶ Reply "show clawvitals details" for full report with remediation steps.
Track your scans → https://clawvitals.io/dashboard
```
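The `Delta:` line in the summary above is produced by comparing the current failing control set against stored runs. The following added example (not the plugin's own code) shows one way to derive that line and to separate genuinely new findings from regressions; the scan history is constructed, and the definition of a regression (a control that passed in the previous scan but had failed in an older one) is an assumption, not something the page specifies.

```python
from datetime import date

# Constructed scan history (scan date -> failing control IDs); not real scan data.
HISTORY = {
    date(2026, 3, 25): {"NC-OC-012", "NC-OC-008"},
    date(2026, 4, 1): {"NC-OC-012"},
    date(2026, 4, 8): {"NC-OC-012", "NC-OC-003", "NC-VERS-001"},
}
CURRENT_FINDINGS = {"NC-OC-012", "NC-OC-003", "NC-VERS-001", "NC-OC-008"}

def classify_delta(history, current):
    """Compare the current failing set against the most recent previous scan.
    new: never seen in any stored run; regressed: absent last scan but failed in an
    older run (assumed definition); persisting: failed last scan too; resolved: fixed."""
    if not history:
        return {"new": set(current), "regressed": set(), "persisting": set(), "resolved": set()}
    dates = sorted(history)
    previous = history[dates[-1]]
    seen_earlier = set().union(*(history[d] for d in dates[:-1]))
    appeared = current - previous
    return {
        "new": appeared - seen_earlier,
        "regressed": appeared & seen_earlier,
        "persisting": current & previous,
        "resolved": previous - current,
    }

def delta_line(history, current):
    """Render the one-line delta shown in the summary message."""
    if not history:
        return "Delta: first scan, no baseline"
    d = classify_delta(history, current)
    last = max(history).isoformat()
    parts = []
    if d["new"]:
        parts.append(f"▲ {len(d['new'])} new")
    if d["regressed"]:
        parts.append(f"▲ {len(d['regressed'])} regressed")
    if d["resolved"]:
        parts.append(f"▼ {len(d['resolved'])} resolved")
    if not parts:
        return f"Delta: no change since last scan ({last})"
    return "Delta: " + ", ".join(parts) + f" since last scan ({last})"
```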
### Full details (after `show clawvitals details`)
```
ClawVitals Plugin v1.0.1 · Full Report
Host: mac-mini-home · Control Library v1.0.1 · OpenClaw 2026.3.13
─── CRITICAL ───────────────────────────────
[NC-OC-012] Gateway auth disabled
  Severity: Critical · Source: security_audit (authoritative)
  Evidence: groups[0].auth.type = "none"
  Fix: openclaw gateway auth set --type bearer --token <your-token>
  Docs: https://clawvitals.io/docs/NC-OC-012
[NC-OC-003] Command policy: deny-only mode
  Severity: Critical · Source: security_audit (authoritative)
  Evidence: commandPolicy = "deny"
  Fix: openclaw policy set --commands allowlist
  Docs: https://clawvitals.io/docs/NC-OC-003
─── HIGH ───────────────────────────────────
[NC-VERS-001] OpenClaw update available
  Severity: High · Source: update_status (authoritative)
  Evidence: current=2026.3.13, latest=2026.4.1, channel=stable
  Fix: openclaw update
  Docs: https://clawvitals.io/docs/NC-VERS-001
─── MEDIUM ─────────────────────────────────
[NC-OC-008] Channel health degraded
  Severity: Medium · Source: health (contextual)
  Evidence: channels[0].status = "degraded"
  Fix: Ch
```
... (truncated)