OpenClaw PC Security
Description
Security self-check and risk alerting for:
- Windows baseline (version/build, last security update date, support status, patch lag)
- Local OpenClaw CLI version vs latest (optional online check)
- OpenClaw server configuration safety (password protection, default port use, public exposure)
- Optional OpenClaw target checks (authorized use only)
When to use
Use this skill when you need to:
- Check whether Windows is out of support or significantly behind on updates
- Confirm whether OpenClaw is up to date on your machine
- Verify that an OpenClaw deployment on a VPS/personal server is safe (password protection on, default port avoided, exposure restricted)
- Generate a local HTML/JSON report for your own reference (do not upload publicly)
Input
- Local machine information (Windows version/build, last update date)
- Optional OpenClaw config file path for server-side checks (e.g., config.json)
- Optional target host/IP and ports for OpenClaw probing (authorized environments only)
Output
- Severity-based findings (Info/Medium/High/Critical)
- HTML/JSON report under `output/`
- `output/audit_report.html` / `output/audit_report.json`
- `output/scan_report.html` / `output/scan_report.json`
- `defender_status`, `browser_outdated`, `browser_info`, `windows_support_status`
- `server_config_not_found`, `server_auth_disabled`, `server_auth_enabled`
- `server_default_port`, `server_custom_port`, `server_exposed_public`, `server_local_only`
- `openclaw_outdated`, `openclaw_version_mismatch`, `windows_patch_lag`, `weak_credentials`
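Steps
1) Local audit
```bash
python scripts/run_audit.py --npm-view-latest-openclaw --out-dir output
```
Optional: if you know your OpenClaw config file path:
```bash
python scripts/run_audit.py --server-config-path <path-to-config.json> --out-dir output
```
2) Scan a target (authorized environments only)
```bash
python scripts/run_scan.py --ports 18789,18790,18792 --out-dir output
```
Optional: enable active checks explicitly (disabled by default)
```bash
python scripts/run_scan.py --ports 18789,18790,18792 --enable-cred-check --enable-leak-check --out-dir output
```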
Notes
- The server configuration checks are performed locally and do not send data to external services.
- The HTML report supports CN/EN toggle and Simple/Detailed mode.
- Active network checks must ONLY be used on systems you own or have explicit authorization to test.
- DO NOT upload tokens, credentials, or reports (output/) to public repositories.
- Reports are written under `output/` when using the provided scripts.
- If OpenClaw is outdated: after upgrading, some or all functions may be unavailable; assess carefully.
- After the HTML report is generated, print the report path in the chat for the user's reference. Do NOT upload or send the report file unless the user explicitly requests it and provides a secure destination. Reports may contain sensitive information, so always handle them with caution.
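
The server-side configuration checks described above can be expressed as follows. This is an added example, not the skill's own `run_audit.py`: the config keys (`host`, `port`, `auth.enabled`, `auth.password`), the default port 18789 and the severity given to each finding are assumptions, while the finding IDs are the ones listed under Output.

```python
import ipaddress
import json

# Assumed, not taken from the skill: config keys "host", "port", "auth", and
# 18789 as the default port (it is the first port in the page's scan command).
ASSUMED_DEFAULT_PORT = 18789

# Constructed sample configs for the demonstration.
WEAK = '{"host": "0.0.0.0", "port": 18789, "auth": {"enabled": false}}'
HARDENED = ('{"host": "127.0.0.1", "port": 24017, '
            '"auth": {"enabled": true, "password": "example-only"}}')


def is_local_only(host):
    """True only for loopback binds; LAN, wildcard and hostnames count as exposed."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unresolved hostname or malformed value: be conservative


def audit_server_config(text):
    """Return [(finding_id, severity)] for a config file's text (None if missing)."""
    if text is None:
        return [("server_config_not_found", "Info")]
    cfg = json.loads(text)
    auth = cfg.get("auth") or {}
    # A missing "host" is treated as a wildcard bind, i.e. exposed.
    exposed = not is_local_only(str(cfg.get("host", "0.0.0.0")))
    findings = []
    if auth.get("enabled") and auth.get("password"):
        findings.append(("server_auth_enabled", "Info"))
    else:
        # No password on a reachable service is the worst combination.
        findings.append(("server_auth_disabled", "Critical" if exposed else "High"))
    if cfg.get("port", ASSUMED_DEFAULT_PORT) == ASSUMED_DEFAULT_PORT:
        findings.append(("server_default_port", "Medium" if exposed else "Info"))
    else:
        findings.append(("server_custom_port", "Info"))
    findings.append(("server_exposed_public", "High") if exposed
                    else ("server_local_only", "Info"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED), ("missing", None)):
        print(name, audit_server_config(text))
```

Everything runs on the local file contents only, matching the note that the configuration checks send no data to external services.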
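OpenClaw PC Security
Description
Security self-check and risk alerting for the following:
- Windows baseline (version/build, last security update date, support status, patch lag)
- Local OpenClaw CLI version compared with the latest version (optional online check)
- OpenClaw server configuration safety (password protection, default port use, public exposure)
- Optional OpenClaw target checks (authorized use only)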
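When to use
Use this skill in the following situations:
- Check whether Windows is out of support or seriously behind on updates
- Confirm whether OpenClaw on your machine is the latest version
- If you deployed OpenClaw on a VPS/personal server, verify that the configuration is safe (password protection enabled, default port avoided, exposure restricted)
- Generate a local HTML/JSON report for your own reference (do not upload it publicly)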
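Input
- Local machine information (Windows version/build, last update date)
- Optional OpenClaw config file path for server-side checks (e.g., config.json)
- Optional target host/IP and ports for OpenClaw probing (authorized environments only)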
Output
- Severity-based findings (Info/Medium/High/Critical)
- HTML/JSON report under the `output/` directory
- `output/audit_report.html` / `output/audit_report.json`
- `output/scan_report.html` / `output/scan_report.json`
- `defender_status`, `browser_outdated`, `browser_info`, `windows_support_status`
- `server_config_not_found`, `server_auth_disabled`, `server_auth_enabled`
- `server_default_port`, `server_custom_port`, `server_exposed_public`, `server_local_only`
- `openclaw_outdated`, `openclaw_version_mismatch`, `windows_patch_lag`, `weak_credentials`
Steps
1) Local audit
```bash
python scripts/run_audit.py --npm-view-latest-openclaw --out-dir output
```
Optional: if you know the OpenClaw config file path:
```bash
python scripts/run_audit.py --server-config-path <path-to-config.json> --out-dir output
```
2) Scan a target (authorized environments only)
```bash
python scripts/run_scan.py --ports 18789,18790,18792 --out-dir output
```
Optional: enable active checks explicitly (disabled by default)
```bash
python scripts/run_scan.py --ports 18789,18790,18792 --enable-cred-check --enable-leak-check --out-dir output
```
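Notes
- The server configuration checks run locally and do not send data to external services.
- The HTML report supports a Chinese/English toggle and Simple/Detailed modes.
- Active network checks must only be used on systems you own or have explicit authorization to test.
- Do not upload tokens, credentials, or reports (`output/`) to public repositories.
- When the provided scripts are used, reports are written under the `output/` directory.
- If the OpenClaw version is outdated: after upgrading, some or all functions may be unavailable; assess carefully.
- After the HTML report is generated, print the report path in the chat for the user's reference. Do not upload or send the report file unless the user explicitly requests it and provides a secure destination. Reports may contain sensitive information, so always handle them with caution.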