Agent Skills
› NeverSight/learn-skills.dev
› security-audit
security-audit
GitHubClawdbot部署安全审计技能,扫描凭证泄露、端口开放、弱配置及漏洞。支持快速/全面扫描、特定模块检查及自动生成报告。提供自动修复功能,如权限收紧和配置文件加固,无需外部依赖。
Trigger Scenarios
部署前安全检查
定期安全审计
发现潜在安全风险时
需要自动化修复常见安全问题
Install
npx skills add NeverSight/learn-skills.dev --skill security-audit -g -y
SKILL.md
Frontmatter
{
"name": "security-audit",
"description": "Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included."
}
Security Audit Skill
When to use
Run a security audit to identify vulnerabilities in your Clawdbot setup before deployment or on a schedule. Use auto-fix to remediate common issues automatically.
Setup
No external dependencies required. Uses native system tools where available.
How to
Quick audit (common issues)
node skills/security-audit/scripts/audit.cjs
Full audit (comprehensive scan)
node skills/security-audit/scripts/audit.cjs --full
Auto-fix common issues
node skills/security-audit/scripts/audit.cjs --fix
Audit specific areas
node skills/security-audit/scripts/audit.cjs --credentials # Check for exposed API keys
node skills/security-audit/scripts/audit.cjs --ports # Scan for open ports
node skills/security-audit/scripts/audit.cjs --configs # Validate configuration
node skills/security-audit/scripts/audit.cjs --permissions # Check file permissions
node skills/security-audit/scripts/audit.cjs --docker # Docker security checks
Generate report
node skills/security-audit/scripts/audit.cjs --full --json > audit-report.json
Output
The audit produces a report with:
| Level | Description |
|---|---|
| 🔴 CRITICAL | Immediate action required (exposed credentials) |
| 🟠 HIGH | Significant risk, fix soon |
| 🟡 MEDIUM | Moderate concern |
| 🟢 INFO | FYI, no action needed |
Checks Performed
Credentials
- API keys in environment files
- Tokens in command history
- Hardcoded secrets in code
- Weak password patterns
Ports
- Unexpected open ports
- Services exposed to internet
- Missing firewall rules
Configs
- Missing rate limiting
- Disabled authentication
- Default credentials
- Open CORS policies
Files
- World-readable files
- Executable by anyone
- Sensitive files in public dirs
Docker
- Privileged containers
- Missing resource limits
- Root user in container
Auto-Fix
The --fix option automatically:
- Sets restrictive file permissions (600 on .env)
- Secures sensitive configuration files
- Creates .gitignore if missing
- Enables basic security headers
Related skills
security-monitor- Real-time monitoring (available separately)
Version History
- e0220ca Current 2026-07-05 21:46


