security-audit

Name: security-audit
Rating: 3.5 (1 reviews)
Author: chandrasekar-r

By chandrasekar-r 👁 6 views ▲ 0 votes

Comprehensive security auditing for Clawdbot deployments.

GitHub

---
name: security-audit
description: Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.
---

# Security Audit Skill

## When to use

Run a security audit to identify vulnerabilities in your Clawdbot setup before deployment or on a schedule. Use auto-fix to remediate common issues automatically.

## Setup

No external dependencies required. Uses native system tools where available.

## How to

### Quick audit (common issues)

```bash
node skills/security-audit/scripts/audit.cjs
```

### Full audit (comprehensive scan)

```bash
node skills/security-audit/scripts/audit.cjs --full
```

### Auto-fix common issues

```bash
node skills/security-audit/scripts/audit.cjs --fix
```

### Audit specific areas

```bash
node skills/security-audit/scripts/audit.cjs --credentials      # Check for exposed API keys
node skills/security-audit/scripts/audit.cjs --ports            # Scan for open ports
node skills/security-audit/scripts/audit.cjs --configs          # Validate configuration
node skills/security-audit/scripts/audit.cjs --permissions      # Check file permissions
node skills/security-audit/scripts/audit.cjs --docker           # Docker security checks
```

### Generate report

```bash
node skills/security-audit/scripts/audit.cjs --full --json > audit-report.json
```

## Output

The audit produces a report with:

| Level | Description |
|-------|-------------|
| 🔴 CRITICAL | Immediate action required (exposed credentials) |
| 🟠 HIGH | Significant risk, fix soon |
| 🟡 MEDIUM | Moderate concern |
| 🟢 INFO | FYI, no action needed |

## Checks Performed

### Credentials
- API keys in environment files
- Tokens in command history
- Hardcoded secrets in code
- Weak password patterns

### Ports
- Unexpected open ports
- Services exposed to internet
- Missing firewall rules

### Configs
- Missing rate limiting
- Disabled authentication
- Default credentials
- Open CORS policies

### Files
- World-readable files
- Executable by anyone
- Sensitive files in public dirs

### Docker
- Privileged containers
- Missing resource limits
- Root user in container

## Auto-Fix

The `--fix` option automatically:
- Sets restrictive file permissions (600 on .env)
- Secures sensitive configuration files
- Creates .gitignore if missing
- Enables basic security headers

## Related skills

- `security-monitor` - Real-time monitoring (available separately)

devops

Comments

Loading comments...

More by chandrasekar-r

security-skills

Security audit and real-time monitoring for Cla...

security-monitor

Real-time security monitoring for Clawdbot.

Similar Skills in DevOps

zhihu

Manage Zhihu (知乎) AI Bot integration.

yutori-web-research

Use Yutori’s Research API and Browsing API

youtube-api

YouTube API access without the official API quota hassle

ydc-ai-sdk-integration

Integrate Vercel AI SDK applications

web-deploy

Build and deploy websites, web apps, and APIs to production.

warden-studio-deploy

Use Warden Studio (studio.wardenprotocol.org)