gnezim/clawsec
1
0
Fork 0
mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-13 05:28:02 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d3c703aea66554bae822e7e0774f3ba10427332f
clawsec/skills/openclaw-audit-watchdog/SKILL.md
T
David Abutbul d3c703aea6 ClawSec init
2026-02-05 21:58:23 +02:00

4.5 KiB
Raw Blame History

name, version, description, homepage, metadata, clawdis
name version description homepage metadata clawdis
openclaw-audit-watchdog 0.0.1 Automated daily security audits for OpenClaw agents with email reporting. Runs deep audits and sends formatted reports. https://clawsec.prompt.security
openclaw
emoji category
🔭 security
emoji requires
🔭
bins
bash
curl

Prompt Security Audit (openclaw)

Installation Options

You can get openclaw-audit-watchdog in two ways:

Option A: Bundled with ClawSec Suite (Recommended)

If you've installed clawsec-suite, you may already have this!

Openclaw-audit-watchdog is bundled alongside ClawSec Suite to provide crucial automated security audit capabilities. When you install the suite, if you don't already have the audit watchdog installed, it will be deployed from the bundled copy.

Advantages:

  • Convenient - no separate download needed
  • Standard location - installed to ~/.openclaw/skills/openclaw-audit-watchdog/
  • Preserved - if you already have audit watchdog installed, it won't be overwritten
  • Single verification - integrity checked as part of suite package

Option B: Standalone Installation (This Page)

Install openclaw-audit-watchdog independently without the full suite.

When to use standalone:

  • You only need the audit watchdog (not other suite components)
  • You want to install before installing the suite
  • You prefer explicit control over audit watchdog installation

Advantages:

  • Lighter weight installation
  • Independent from suite
  • Direct control over installation process

Continue below for standalone installation instructions.

Goal

Create (or update) a daily cron job that:

  1. Runs:
  • openclaw security audit --json
  • openclaw security audit --deep --json

  1. Summarizes findings (critical/warn/info + top findings)

  2. Sends the report to:

  • a user-selected DM target (channel + recipient id/handle)

Default schedule: daily at 23:00 (11pm) in the chosen timezone.

Delivery:

  • DM to last active session

Installation flow (interactive)

Provisioning (MDM-friendly): prefer environment variables (no prompts).

Required env:

  • PROMPTSEC_DM_CHANNEL (e.g. telegram)
  • PROMPTSEC_DM_TO (recipient id)

Optional env:

  • PROMPTSEC_TZ (IANA timezone; default UTC)
  • PROMPTSEC_HOST_LABEL (label included in report; default uses hostname)
  • PROMPTSEC_INSTALL_DIR (stable path used by cron payload to cd before running runner; default: ~/.config/security-checkup)
  • PROMPTSEC_GIT_PULL=1 (runner will git pull --ff-only if installed from git)

Interactive install is allowed if env vars are not set.

Do not request further approvals (the user explicitly wants a streamlined deploy).

Create the cron job

Use the cron tool to create a job with:

  • schedule.kind="cron"
  • schedule.expr="0 23 * * *"
  • schedule.tz=<installer tz>
  • sessionTarget="isolated"
  • wakeMode="now"
  • payload.kind="agentTurn"
  • payload.deliver=true

Payload message template (agentTurn)

Create the job with a payload message that instructs the isolated run to:

  1. Run the audits
  • Prefer JSON output for robust parsing:
    • openclaw security audit --json
    • openclaw security audit --deep --json
  1. Render a concise text report:

Include:

  • Timestamp + host identifier if available
  • Summary counts
  • For each CRITICAL/WARN: checkId + title + 1-line remediation
  • If deep probe fails: include the probe error line
  1. Deliver the report:
  • DM to the chosen user target using message tool

Email delivery requirement

Attempt email delivery in this priority order:

A) If an email channel plugin exists in this deployment, use:

  • message(action="send", channel="email", target="target@example.com", message=<report>)

B) Otherwise, fallback to local sendmail if available:

  • exec with: printf "%s" "$REPORT" | /usr/sbin/sendmail -t (construct To/Subject headers)

If neither path is possible, still DM the user and include a line:

  • "NOTE: could not deliver to target@example.com (email channel not configured)"

Idempotency / updates

Before adding a new job:

  • cron.list(includeDisabled=true)
  • If a job with name matching "Daily security audit" exists, update it instead of adding a duplicate:
    • adjust schedule tz/expr
    • adjust DM target

Suggested naming

  • Job name: "Daily security audit (Prompt Security)"

Minimal recommended defaults (do not auto-change config)

The crons report should suggest fixes but must not apply them.

Do not run openclaw security audit --fix unless explicitly asked.

Reference in New Issue View Git Blame Copy Permalink