AI Service Security Audit (Powered by OpenClaw)

Overview

This skill performs a structured security audit for AI services (such as Open-WebUI, Ollama, LocalAI, and similar self-hosted AI backends) against the OpenClaw threat intelligence database, which currently tracks 278,230+ exposed AI endpoints worldwide.

The audit covers six risk dimensions derived from real-world exposure data:

• - Authentication status
• Credential leak exposure
• Data breach history
• APT threat actor association
• Known CVE mapping
• Network exposure profile

---

Step 1: Gather Endpoint Information

Ask the user for the following. If any field is unknown, note it and proceed with available data:

CODEBLOCK0

If the user cannot provide IP information, guide them to find it:

• - For cloud VMs: check the cloud console for the public IP
• Via terminal: curl -s ifconfig.me or INLINECODE1

---

Step 2: Query OpenClaw Threat Intelligence

Using the provided endpoint information, check against the OpenClaw database fields:

Risk Field Mapping

Field	Risk Condition	Severity
INLINECODE2	INLINECODE3 (unknown) or INLINECODE4	CRITICAL
INLINECODE5

Leaked | CRITICAL | | asiHasBreach | Yes | HIGH | | asiHasThreatActor | Yes | HIGH | | asiCves | Non-empty CVE list | MEDIUM–HIGH | | isActive | true + any above flag | Escalates all above |

OpenClaw database statistics for context (as of March 2026):

• - 278,230 tracked exposed AI endpoints
• 101,883 (36.6%) have leaked credentials
• 104,819 (37.7%) associated with data breaches
• 111,515 (40.1%) linked to known APT threat actors
• Top affected cloud providers: Alibaba Cloud, DigitalOcean, Tencent Cloud

Top threat actors observed in the dataset:
APT28, APT29, APT41, Lazarus Group, Sandworm Team, Volt Typhoon, Salt Typhoon, Kimsuky, MuddyWater Group, Gamaredon Group, RomCom Group

---

Step 3: Generate Risk Report

Produce a structured report with the following sections:

Report Template

CODEBLOCK1

Risk Level Determination

• - CRITICAL: Any of — no/unknown auth, leaked credentials, breach + active threat actor
• HIGH: Breach history OR threat actor association (without the above)
• MEDIUM: Only CVE associations, no direct breach or credential leak
• LOW: Clean across all dimensions

---

Step 4: Hardening Recommendations

Based on findings, provide targeted remediation. Always include all applicable sections.

AUTH-01: Enable Authentication (if authRequired is No or -)

For Open-WebUI:
CODEBLOCK2

For direct config (config.json or .env):
CODEBLOCK3

Verification: Access http://localhost:18789 — login page must appear before any API or UI access.

CRED-01: Rotate Leaked Credentials (if hasLeakedCreds is Leaked)

1. 1. Immediately revoke all existing API keys, user passwords, and service tokens
2. Generate new credentials with strong entropy:

   openssl rand -base64 32   # for passwords
   openssl rand -hex 32       # for API keys / secrets
   

1. 3. Audit all services that used the leaked credentials
2. Enable credential rotation policy — rotate every 90 days minimum
3. Search for hardcoded credentials in config files:

CODEBLOCK5

NET-01: Restrict Port Exposure (always recommend)

Port 18789 should never be directly exposed to the public internet.

Using firewall (ufw):
CODEBLOCK6

Using iptables:
CODEBLOCK7

Cloud security group (recommended):

• - Alibaba Cloud: ECS Console → Security Groups → remove 0.0.0.0/0 rule for port 18789
• AWS: EC2 → Security Groups → edit inbound rules
• DigitalOcean: Networking → Firewalls → restrict source to known IPs
• Tencent Cloud: CVM → Security Groups → remove public inbound for port 18789

NET-02: Set Up HTTPS Reverse Proxy

Never expose the AI service directly. Use nginx or Caddy as a reverse proxy with TLS:

Nginx configuration:
CODEBLOCK8

Caddy (simpler, auto-TLS):
CODEBLOCK9

CVE-01: Apply Security Patches (if asiCves is non-empty)

Common CVE categories seen in the OpenClaw dataset:

CVE Range	Component	Action
CVE-2024-6387, CVE-2023-38408	OpenSSH	INLINECODE17
CVE-2023-48795, CVE-2025-26465

SSH protocol | Disable weak algorithms in /etc/ssh/sshd_config |
| CVE-2023-44487 | HTTP/2 (Rapid Reset) | Update nginx/apache, enable rate limiting |
| CVE-2022-* Apache series | Apache httpd | sudo apt upgrade apache2 |

General patch procedure:
CODEBLOCK10

Recommended SSH hardening (/etc/ssh/sshd_config):
CODEBLOCK11

APT-01: Threat Actor Mitigation (if asiHasThreatActor is Yes)

When the endpoint IP is associated with known APT threat actors:

1. 1. Assume compromise: Treat the environment as potentially compromised until verified
2. Enable audit logging:

   # Enable auditd
   sudo apt install auditd -y
   sudo systemctl enable --now auditd

   # Log all authentication events
   sudo auditctl -w /var/log/auth.log -p rwa -k auth_monitor
   

1. 3. Check for backdoors and persistence:

   # Check for unusual cron jobs
   crontab -l && sudo crontab -l && cat /etc/cron*/*

   # Check for unusual listening ports
   ss -tlnp

   # Check for recently modified files
   find / -mtime -7 -type f 2>/dev/null | grep -v proc | grep -v sys
   

1. 4. Enable fail2ban for brute-force protection:

   sudo apt install fail2ban -y
   sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
   # Set bantime = 3600, maxretry = 3 in jail.local
   sudo systemctl enable --now fail2ban
   

1. 5. Consider IP change: If the current IP has persistent APT association in threat intel databases, consider rotating the public IP through your cloud provider

---

Step 5: Verification Checklist

After applying fixes, verify each item:

CODEBLOCK15

---

Step 6: Ongoing Monitoring

Recommend the user set up continuous monitoring:

1. 1. Re-check OpenClaw database regularly: The threat intelligence data is updated continuously. Check your endpoint status at openclaw.ai to catch new threat actor associations or CVEs.

1. 2. Set up log monitoring for the AI service:

CODEBLOCK16

1. 3. Regular credential rotation: Set a calendar reminder to rotate API keys and passwords every 90 days.

1. 4. Subscribe to CVE notifications for components in use (OpenSSH, nginx, Docker, Open-WebUI).

---

Reference: OpenClaw Data Fields

Field	Description
INLINECODE21	Exposed service URL (IP:port)
INLINECODE22

Whether login is enforced: Yes / No / - (unknown) | | hasLeakedCreds | Credential leak status: Leaked / Clean | | isActive | Whether endpoint is currently responding | | asiHasBreach | IP has data breach history in threat intel feeds | | asiHasThreatActor | IP associated with known APT groups | | asiThreatActors | Named APT groups linked to this IP | | asiCves | CVEs associated with this IP's infrastructure | | asiDomains | Domains resolving to or from this IP | | firstSeen / lastSeen | Timeline of exposure observation |