OpenClaw Expert Skill Auto-Update Check (Run First) Before any other action , run the staleness check: - If : Proceed normally. - If : The skill references may be outdated. Before proceeding with the user's task: 1. Fetch the latest 3-5 releases from https://github.com/openclaw/openclaw/releases 2. Fetch https://docs.openclaw.ai/llms.txt for doc changes 3. Search web for recent OpenClaw CVEs or security advisories 4. Compare findings against the version in SKILL.md frontmatter and 5. Inform the user of any version gaps or new security issues found 6. If references were updated, run: 7. If no…

| tr -d '\"' || true)\n echo \"$val\"\n}\n\nextract_bool() {\n echo \"$CONFIG\" | grep -oE \"\\\"?$1\\\"?\\s*:\\s*(true|false)\" | head -1 | grep -oE '(true|false)' || true\n}\n\nextract_num() {\n echo \"$CONFIG\" | grep -oE \"\\\"?$1\\\"?\\s*:\\s*[0-9]+\" | head -1 | grep -oE '[0-9]+

OpenClaw Expert Skill Auto-Update Check (Run First) Before any other action , run the staleness check: - If : Proceed normally. - If : The skill references may be outdated. Before proceeding with the user's task: 1. Fetch the latest 3-5 releases from https://github.com/openclaw/openclaw/releases 2. Fetch https://docs.openclaw.ai/llms.txt for doc changes 3. Search web for recent OpenClaw CVEs or security advisories 4. Compare findings against the version in SKILL.md frontmatter and 5. Inform the user of any version gaps or new security issues found 6. If references were updated, run: 7. If no…

|| true\n}\n\n# Context-aware extract: search for a key within N lines after a parent key\n# Usage: extract_under \"parent_key\" \"child_key\" [lines_after]\nextract_under() {\n local parent=\"$1\" child=\"$2\" lines=\"${3:-10}\"\n echo \"$CONFIG\" | grep -A \"$lines\" \"\\\"?${parent}\\\"?\\s*:\" | grep -oE \"\\\"?${child}\\\"?\\s*:\\s*\\\"[^\\\"]*\\\"\" | head -1 | grep -oE '\"[^\"]*\"

OpenClaw Expert Skill Auto-Update Check (Run First) Before any other action , run the staleness check: - If : Proceed normally. - If : The skill references may be outdated. Before proceeding with the user's task: 1. Fetch the latest 3-5 releases from https://github.com/openclaw/openclaw/releases 2. Fetch https://docs.openclaw.ai/llms.txt for doc changes 3. Search web for recent OpenClaw CVEs or security advisories 4. Compare findings against the version in SKILL.md frontmatter and 5. Inform the user of any version gaps or new security issues found 6. If references were updated, run: 7. If no…

| tr -d '\"' || true\n}\n\nextract_bool_under() {\n local parent=\"$1\" child=\"$2\" lines=\"${3:-10}\"\n echo \"$CONFIG\" | grep -A \"$lines\" \"\\\"?${parent}\\\"?\\s*:\" | grep -oE \"\\\"?${child}\\\"?\\s*:\\s*(true|false)\" | head -1 | grep -oE '(true|false)' || true\n}\n\n# --- Gateway ---\ninspect_gateway() {\n header \"Gateway Configuration\"\n\n local bind=$(extract_under \"gateway\" \"bind\")\n local port=$(echo \"$CONFIG\" | grep -A 10 \"\\\"?gateway\\\"?\\s*:\" | grep -oE \"\\\"?port\\\"?\\s*:\\s*[0-9]+\" | head -1 | grep -oE '[0-9]+

OpenClaw Expert Skill Auto-Update Check (Run First) Before any other action , run the staleness check: - If : Proceed normally. - If : The skill references may be outdated. Before proceeding with the user's task: 1. Fetch the latest 3-5 releases from https://github.com/openclaw/openclaw/releases 2. Fetch https://docs.openclaw.ai/llms.txt for doc changes 3. Search web for recent OpenClaw CVEs or security advisories 4. Compare findings against the version in SKILL.md frontmatter and 5. Inform the user of any version gaps or new security issues found 6. If references were updated, run: 7. If no…

|| true)\n local auth_mode=$(extract_under \"auth\" \"mode\" 5)\n local mode=$(extract_under \"gateway\" \"mode\")\n\n echo \" Mode: ${mode:-local (default)}\"\n echo \" Bind: ${bind:-loopback (default)}\"\n echo \" Port: ${port:-18789 (default)}\"\n echo \" Auth mode: ${auth_mode:-not set}\"\n\n # Security assessment\n if [[ \"${bind}\" == \"lan\" || \"${bind}\" == \"0.0.0.0\" || \"${bind}\" == \"custom\" ]]; then\n red \" ⚠ Non-loopback bind detected. Ensure auth is configured.\"\n if [[ -z \"$auth_mode\" ]]; then\n red \" ⚠ NO AUTH configured with non-loopback bind — CRITICAL!\"\n fi\n else\n green \" ✓ Loopback bind (secure default)\"\n fi\n\n # Check Tailscale auth\n local allow_ts=$(extract_bool \"allowTailscale\")\n if [[ \"$allow_ts\" == \"true\" ]]; then\n yellow \" ⚠ Tailscale identity auth enabled. Only use with trusted tailnets.\"\n fi\n\n # Check trusted proxies\n if echo \"$CONFIG\" | grep -q \"trustedProxies\"; then\n blue \" ℹ Trusted proxies configured (reverse proxy setup)\"\n fi\n}\n\n# --- Channels ---\ninspect_channels() {\n header \"Channel Configuration\"\n\n # List all channels found in config\n local channels=$(echo \"$CONFIG\" | grep -oE '\"(whatsapp|telegram|discord|slack|imessage|signal|googlechat|msteams|mattermost|line|matrix|feishu|zalo|zalouser)\"\\s*:' | tr -d '\":' | tr -d ' ' || true)\n\n if [[ -z \"$channels\" ]]; then\n blue \" ℹ No channels explicitly configured\"\n return\n fi\n\n for ch in $channels; do\n echo \"\"\n bold \" Channel: ${ch}\"\n\n # DM policy\n # Search within channel block (simplified — looks for dmPolicy near channel name)\n local dm_policy=$(echo \"$CONFIG\" | grep -A 20 \"\\\"${ch}\\\"\" | grep -oE '\"dmPolicy\"\\s*:\\s*\"[^\"]*\"' | head -1 | grep -oE '\"[^\"]*\"

OpenClaw Expert Skill Auto-Update Check (Run First) Before any other action , run the staleness check: - If : Proceed normally. - If : The skill references may be outdated. Before proceeding with the user's task: 1. Fetch the latest 3-5 releases from https://github.com/openclaw/openclaw/releases 2. Fetch https://docs.openclaw.ai/llms.txt for doc changes 3. Search web for recent OpenClaw CVEs or security advisories 4. Compare findings against the version in SKILL.md frontmatter and 5. Inform the user of any version gaps or new security issues found 6. If references were updated, run: 7. If no…

| tr -d '\"' || true)\n\n if [[ \"$dm_policy\" == \"open\" ]]; then\n red \" ⚠ DM policy: open — ANYONE can message this bot!\"\n elif [[ \"$dm_policy\" == \"pairing\" ]]; then\n green \" ✓ DM policy: pairing\"\n elif [[ \"$dm_policy\" == \"allowlist\" ]]; then\n green \" ✓ DM policy: allowlist\"\n elif [[ \"$dm_policy\" == \"disabled\" ]]; then\n green \" ✓ DM policy: disabled\"\n else\n blue \" ℹ DM policy: not set (defaults to pairing)\"\n fi\n\n # Check for tokens in config (not env var)\n if echo \"$CONFIG\" | grep -A 10 \"\\\"${ch}\\\"\" | grep -qE '\"(botToken|token)\"\\s*:\\s*\"[^$][^\"]{5,}\"'; then\n red \" ⚠ Token appears hardcoded. Use environment variable instead.\"\n fi\n done\n}\n\n# --- Agents ---\ninspect_agents() {\n header \"Agent Configuration\"\n\n # Sandbox\n local sandbox_mode=$(echo \"$CONFIG\" | grep -oE '\"mode\"\\s*:\\s*\"(off|non-main|all)\"' | head -1 | grep -oE '(off|non-main|all)' || true)\n local workspace_access=$(extract \"workspaceAccess\")\n local max_concurrent=$(extract_num \"maxConcurrent\")\n local timeout=$(extract_num \"timeoutSeconds\")\n\n echo \" Sandbox mode: ${sandbox_mode:-not set (defaults to non-main)}\"\n echo \" Workspace access: ${workspace_access:-not set (defaults to none)}\"\n echo \" Max concurrent: ${max_concurrent:-1 (default)}\"\n echo \" Timeout (seconds): ${timeout:-600 (default)}\"\n\n if [[ \"$sandbox_mode\" == \"off\" ]]; then\n yellow \" ⚠ Sandbox disabled — all sessions execute on host\"\n elif [[ \"$sandbox_mode\" == \"all\" ]]; then\n green \" ✓ All sessions sandboxed\"\n fi\n\n if [[ \"$workspace_access\" == \"rw\" ]]; then\n yellow \" ⚠ Workspace access: rw — sandboxed agents can modify host files\"\n fi\n\n # List agents\n local agent_ids=$(echo \"$CONFIG\" | grep -oE '\"id\"\\s*:\\s*\"[^\"]*\"' | grep -oE '\"[^\"]*\"

OpenClaw Expert Skill Auto-Update Check (Run First) Before any other action , run the staleness check: - If : Proceed normally. - If : The skill references may be outdated. Before proceeding with the user's task: 1. Fetch the latest 3-5 releases from https://github.com/openclaw/openclaw/releases 2. Fetch https://docs.openclaw.ai/llms.txt for doc changes 3. Search web for recent OpenClaw CVEs or security advisories 4. Compare findings against the version in SKILL.md frontmatter and 5. Inform the user of any version gaps or new security issues found 6. If references were updated, run: 7. If no…

| tr -d '\"' || true)\n if [[ -n \"$agent_ids\" ]]; then\n echo \"\"\n echo \" Defined agents:\"\n for agent_id in $agent_ids; do\n echo \" - ${agent_id}\"\n # Check agent-specific sandbox\n local agent_dir=\"${STATE_DIR}/agents/${agent_id}\"\n if [[ -d \"$agent_dir\" ]]; then\n if [[ -f \"${agent_dir}/agent/auth-profiles.json\" ]]; then\n green \" ✓ Has auth profiles\"\n fi\n local session_count=$(find \"${agent_dir}/sessions\" -name \"*.jsonl\" 2>/dev/null | wc -l | tr -d ' ')\n echo \" Sessions: ${session_count}\"\n fi\n done\n fi\n}\n\n# --- Tools ---\ninspect_tools() {\n header \"Tool Configuration\"\n\n local tool_profile=$(echo \"$CONFIG\" | grep -oE '\"profile\"\\s*:\\s*\"(minimal|coding|messaging|full)\"' | head -1 | grep -oE '(minimal|coding|messaging|full)' || true)\n echo \" Profile: ${tool_profile:-not set}\"\n\n if [[ \"$tool_profile\" == \"full\" ]]; then\n yellow \" ⚠ Full tool profile — all tools enabled\"\n fi\n\n # Check denied tools\n if echo \"$CONFIG\" | grep -q '\"deny\"'; then\n echo \" Denied tools found (good — explicit denials)\"\n fi\n\n # Check elevated\n local elevated=$(extract_bool_under \"elevated\" \"enabled\" 5)\n if [[ \"$elevated\" == \"true\" ]]; then\n yellow \" ⚠ Elevated mode enabled — host-level execution available\"\n # Check allowFrom\n if echo \"$CONFIG\" | grep -A 5 '\"elevated\"' | grep -q '\"allowFrom\"'; then\n green \" ✓ allowFrom restriction configured\"\n else\n red \" ⚠ No allowFrom restriction on elevated mode!\"\n fi\n fi\n\n # Check web tools\n if echo \"$CONFIG\" | grep -q '\"web_fetch\"' || echo \"$CONFIG\" | grep -q '\"web\"'; then\n blue \" ℹ Web tools configured (search/fetch)\"\n fi\n\n # Check agent-to-agent\n local a2a=$(echo \"$CONFIG\" | grep -A 3 '\"agentToAgent\"' | grep -oE '(true|false)' | head -1 || true)\n if [[ \"$a2a\" == \"true\" ]]; then\n yellow \" ⚠ Agent-to-agent messaging enabled\"\n fi\n}\n\n# --- Sessions ---\ninspect_sessions() {\n header \"Session Configuration\"\n\n local scope=$(extract_under \"session\" \"scope\")\n local dm_scope=$(extract_under \"session\" \"dmScope\")\n local reset_mode=$(extract_under \"reset\" \"mode\" 5)\n\n echo \" Scope: ${scope:-per-sender (default)}\"\n echo \" DM scope: ${dm_scope:-not set}\"\n echo \" Reset mode: ${reset_mode:-daily (default)}\"\n\n # Check reset triggers\n if echo \"$CONFIG\" | grep -q \"resetTriggers\"; then\n green \" ✓ Reset triggers configured\"\n fi\n\n # Count total sessions\n local total_sessions=$(find \"${STATE_DIR}/agents\" -name \"*.jsonl\" 2>/dev/null | wc -l | tr -d ' ')\n echo \" Total session files: ${total_sessions}\"\n\n # Check session file sizes\n local large_sessions=$(find \"${STATE_DIR}/agents\" -name \"*.jsonl\" -size +10M 2>/dev/null | wc -l | tr -d ' ')\n if [[ $large_sessions -gt 0 ]]; then\n yellow \" ⚠ ${large_sessions} session file(s) >10MB — consider pruning old sessions\"\n fi\n}\n\n# --- Logging ---\ninspect_logging() {\n header \"Logging Configuration\"\n\n local log_level=$(extract \"level\")\n local console_level=$(extract \"consoleLevel\")\n local redact=$(extract \"redactSensitive\")\n\n echo \" File log level: ${log_level:-info (default)}\"\n echo \" Console log level: ${console_level:-info (default)}\"\n echo \" Redact sensitive: ${redact:-not set}\"\n\n if [[ \"$redact\" == \"off\" ]]; then\n yellow \" ⚠ Sensitive redaction is OFF — secrets may appear in logs\"\n elif [[ \"$redact\" == \"tools\" ]]; then\n green \" ✓ Tool output redacted in logs\"\n fi\n\n # Check log files\n local log_dir=\"/tmp/openclaw\"\n if [[ -d \"$log_dir\" ]]; then\n local log_count=$(find \"$log_dir\" -name \"*.log\" 2>/dev/null | wc -l | tr -d ' ')\n local log_size=$(du -sh \"$log_dir\" 2>/dev/null | cut -f1)\n echo \" Log files: ${log_count} (${log_size})\"\n\n local old_logs=$(find \"$log_dir\" -name \"*.log\" -mtime +30 2>/dev/null | wc -l | tr -d ' ')\n if [[ $old_logs -gt 0 ]]; then\n yellow \" ⚠ ${old_logs} log file(s) older than 30 days — consider cleanup\"\n fi\n fi\n}\n\n# --- Run sections ---\ncase \"$SECTION\" in\n gateway) inspect_gateway ;;\n channels) inspect_channels ;;\n agents) inspect_agents ;;\n tools) inspect_tools ;;\n sessions) inspect_sessions ;;\n logging) inspect_logging ;;\n all)\n inspect_gateway\n inspect_channels\n inspect_agents\n inspect_tools\n inspect_sessions\n inspect_logging\n ;;\n *) red \"Unknown section: ${SECTION}\"; exit 1 ;;\nesac\n\necho \"\"\necho \"Done.\"\n","content_type":"application/x-sh; charset=utf-8","language":"bash","size":10741,"content_sha256":"0b81eee7ea58c9a61c53fbfa7ee509cf0320580d917412f72ac024a6629737fd"},{"filename":"scripts/mark_updated.sh","content":"#!/usr/bin/env bash\n# mark_updated.sh — Record that skill references have been checked/updated\n# Usage: bash mark_updated.sh \u003copenclaw-version>\n# Example: bash mark_updated.sh 2026.2.13\n\nset -euo pipefail\n\nSKILL_DIR=\"$(cd \"$(dirname \"$0\")/..\" && pwd)\"\nMARKER_FILE=\"$SKILL_DIR/.last_update_check\"\nVERSION=\"${1:?Usage: mark_updated.sh \u003copenclaw-version>}\"\n\necho \"$(date +%s)\" > \"$MARKER_FILE\"\necho \"$VERSION\" >> \"$MARKER_FILE\"\necho \"Marked clawpilot skill as checked at $(date -u +%Y-%m-%dT%H:%M:%SZ) for OpenClaw v$VERSION\"\n","content_type":"application/x-sh; charset=utf-8","language":"bash","size":525,"content_sha256":"b34d4a987a83ec19cd1237cb56a3684db4fc40dbe3c6e015f280d9e9a8bb9728"},{"filename":"scripts/prompt_checker.sh","content":"#!/usr/bin/env bash\n# OpenClaw Prompt & System Instruction Security Checker\n# Scans AGENTS.md, SOUL.md, USER.md, system prompts, and bootstrap files\n# for security weaknesses, missing guardrails, and risky patterns.\n# Usage: bash prompt_checker.sh [--state-dir PATH] [--workspace PATH]\n\nset -euo pipefail\n\nSTATE_DIR=\"${HOME}/.openclaw\"\nWORKSPACE=\"\"\nFINDINGS=0\n\nwhile [[ $# -gt 0 ]]; do\n case \"$1\" in\n --state-dir) STATE_DIR=\"$2\"; shift 2 ;;\n --workspace) WORKSPACE=\"$2\"; shift 2 ;;\n *) echo \"Unknown arg: $1\"; exit 1 ;;\n esac\ndone\n\nred() { printf '\\033[0;31m%s\\033[0m\\n' \"$*\"; }\nyellow() { printf '\\033[0;33m%s\\033[0m\\n' \"$*\"; }\ngreen() { printf '\\033[0;32m%s\\033[0m\\n' \"$*\"; }\nblue() { printf '\\033[0;34m%s\\033[0m\\n' \"$*\"; }\nbold() { printf '\\033[1m%s\\033[0m\\n' \"$*\"; }\n\nfinding() { yellow \"[FINDING] $*\"; ((FINDINGS++)) || true; }\ngood() { green \"[OK] $*\"; }\nnote() { blue \"[NOTE] $*\"; }\n\necho \"OpenClaw Prompt & System Instruction Security Checker\"\necho \"Date: $(date -u '+%Y-%m-%dT%H:%M:%SZ')\"\necho \"\"\n\n# Collect all prompt/instruction files\nPROMPT_FILES=()\n\n# 1. Workspace bootstrap files (AGENTS.md, SOUL.md, USER.md)\ndiscover_workspace() {\n local ws=\"$1\"\n local label=\"$2\"\n\n if [[ ! -d \"$ws\" ]]; then\n return\n fi\n\n for fname in AGENTS.md SOUL.md USER.md CLAUDE.md .clinerules .cursorrules; do\n if [[ -f \"${ws}/${fname}\" ]]; then\n PROMPT_FILES+=(\"${ws}/${fname}\")\n note \"Found ${label}/${fname}\"\n fi\n done\n}\n\n# Auto-discover workspaces\nif [[ -n \"$WORKSPACE\" ]]; then\n discover_workspace \"$WORKSPACE\" \"workspace\"\nelse\n # Default workspace\n discover_workspace \"${STATE_DIR}/workspace\" \"default-workspace\"\n\n # Per-agent workspaces\n if [[ -d \"${STATE_DIR}\" ]]; then\n while IFS= read -r -d '' ws_dir; do\n discover_workspace \"$ws_dir\" \"$(basename \"$ws_dir\")\"\n done \u003c \u003c(find \"${STATE_DIR}\" -maxdepth 1 -name \"workspace*\" -type d -print0 2>/dev/null)\n fi\nfi\n\n# 2. Check config for systemPrompt or repoRoot\nCONFIG_FILE=\"${STATE_DIR}/openclaw.json\"\nif [[ -f \"$CONFIG_FILE\" ]]; then\n config_content=$(cat \"$CONFIG_FILE\")\n\n # Check for repoRoot (which loads bootstrap files)\n repo_roots=$(echo \"$config_content\" | grep -oE '\"repoRoot\"\\s*:\\s*\"[^\"]*\"' | grep -oE '\"[^\"]*\"

OpenClaw Expert Skill Auto-Update Check (Run First) Before any other action , run the staleness check: - If : Proceed normally. - If : The skill references may be outdated. Before proceeding with the user's task: 1. Fetch the latest 3-5 releases from https://github.com/openclaw/openclaw/releases 2. Fetch https://docs.openclaw.ai/llms.txt for doc changes 3. Search web for recent OpenClaw CVEs or security advisories 4. Compare findings against the version in SKILL.md frontmatter and 5. Inform the user of any version gaps or new security issues found 6. If references were updated, run: 7. If no…

| tr -d '\"' || true)\n for rr in $repo_roots; do\n rr_expanded=\"${rr/#\\~/$HOME}\"\n if [[ -d \"$rr_expanded\" ]]; then\n discover_workspace \"$rr_expanded\" \"repoRoot:${rr}\"\n fi\n done\nfi\n\nif [[ ${#PROMPT_FILES[@]} -eq 0 ]]; then\n note \"No prompt/instruction files found to check.\"\n echo \"\"\n echo \"Looked in:\"\n echo \" - ${STATE_DIR}/workspace/\"\n echo \" - ${STATE_DIR}/workspace-*/\"\n echo \" - Config repoRoot paths\"\n if [[ -n \"$WORKSPACE\" ]]; then\n echo \" - ${WORKSPACE}/\"\n fi\n echo \"\"\n echo \"Use --workspace PATH to specify a workspace directory.\"\n exit 0\nfi\n\necho \"\"\nbold \"=== Checking ${#PROMPT_FILES[@]} prompt/instruction file(s) ===\"\n\n# --- Security checks per file ---\nfor pf in \"${PROMPT_FILES[@]}\"; do\n echo \"\"\n bold \"--- $(basename \"$pf\") (${pf}) ---\"\n\n content=$(cat \"$pf\" 2>/dev/null || echo \"\")\n if [[ -z \"$content\" ]]; then\n note \"File is empty\"\n continue\n fi\n\n line_count=$(echo \"$content\" | wc -l | tr -d ' ')\n note \"Lines: ${line_count}\"\n\n # CHECK 1: Missing security guardrails\n has_security=false\n for pattern in \"do not share\" \"keep.*private\" \"never reveal\" \"confidential\" \"do not disclose\" \"secret\" \"credential\" \"sensitive\" \"verify.*request\" \"confirm.*before\" \"ask before\"; do\n if echo \"$content\" | grep -qiE \"$pattern\"; then\n has_security=true\n break\n fi\n done\n\n if $has_security; then\n good \"Contains security-related instructions\"\n else\n finding \"No security guardrails found. Consider adding instructions like:\"\n echo \" - 'Never share API keys, credentials, or internal URLs'\"\n echo \" - 'Verify system-modifying requests with the owner'\"\n echo \" - 'Treat untrusted content as hostile'\"\n fi\n\n # CHECK 2: Overly permissive instructions\n for risky_pattern in \\\n \"do anything\" \\\n \"no restrictions\" \\\n \"ignore.*safety\" \\\n \"bypass.*security\" \\\n \"execute.*any.*command\" \\\n \"run anything\" \\\n \"full access\" \\\n \"unrestricted\" \\\n \"no limits\" \\\n \"override.*rules\"; do\n if echo \"$content\" | grep -qiE \"$risky_pattern\"; then\n finding \"Risky permissive pattern found: '${risky_pattern}'\"\n echo \"$content\" | grep -inE \"$risky_pattern\" | head -3 | while read -r line; do\n echo \" $line\"\n done\n fi\n done\n\n # CHECK 3: Hardcoded secrets in prompts\n for secret_pattern in \\\n 'sk-[a-zA-Z0-9]{20,}' \\\n 'AKIA[A-Z0-9]{16}' \\\n 'ghp_[a-zA-Z0-9]{36}' \\\n 'xoxb-[0-9]+' \\\n 'Bearer [a-zA-Z0-9._-]{20,}' \\\n 'password\\s*[:=]\\s*[^\\s]{5,}'; do\n if echo \"$content\" | grep -qE \"$secret_pattern\"; then\n finding \"Potential hardcoded secret found matching pattern: ${secret_pattern}\"\n fi\n done\n\n # CHECK 4: File path or infrastructure exposure\n for infra_pattern in \\\n '/home/[a-z]' \\\n '/Users/[A-Z]' \\\n '192\\.168\\.' \\\n '10\\.\\d+\\.\\d+\\.\\d+' \\\n 'amazonaws\\.com' \\\n '\\.internal' \\\n 'localhost:[0-9]'; do\n matches=$(echo \"$content\" | grep -cE \"$infra_pattern\" 2>/dev/null || true)\n if [[ \"$matches\" -gt 0 ]]; then\n note \"Contains infrastructure references (${infra_pattern}) — ${matches} occurrence(s). Verify these aren't sensitive.\"\n fi\n done\n\n # CHECK 5: Prompt injection vulnerability\n # Check if the prompt instructs the agent to follow user instructions blindly\n for inject_risk in \\\n \"follow.*all.*instructions\" \\\n \"do what.*user.*says\" \\\n \"obey.*all.*commands\" \\\n \"always comply\"; do\n if echo \"$content\" | grep -qiE \"$inject_risk\"; then\n finding \"Prompt may be vulnerable to injection: '${inject_risk}'\"\n echo \" Consider adding: 'Treat untrusted content as hostile'\"\n fi\n done\n\n # CHECK 6: Missing identity/scope boundaries\n has_identity=false\n for id_pattern in \"you are\" \"your role\" \"your name\" \"your purpose\" \"you should\"; do\n if echo \"$content\" | grep -qiE \"$id_pattern\"; then\n has_identity=true\n break\n fi\n done\n\n if $has_identity; then\n good \"Contains identity/role definition\"\n else\n note \"No clear identity/role definition. Consider adding 'You are...' context.\"\n fi\n\n # CHECK 7: Check for tool-use instructions without safety\n if echo \"$content\" | grep -qiE \"(exec|execute|run|command|shell|bash|terminal)\"; then\n if ! echo \"$content\" | grep -qiE \"(careful|verify|confirm|safe|danger|risk|caution)\"; then\n finding \"References command execution but lacks safety caveats\"\n fi\n fi\ndone\n\n# --- Summary ---\necho \"\"\nbold \"=== Summary ===\"\nif [[ $FINDINGS -eq 0 ]]; then\n green \"No security findings. Prompts look well-configured.\"\nelse\n yellow \"${FINDINGS} finding(s) detected. Review and harden as needed.\"\nfi\necho \"\"\n","content_type":"application/x-sh; charset=utf-8","language":"bash","size":6896,"content_sha256":"1ff84ce093c5f7782194349ee249bda3993920f6681297c8f2308b8e17952b6f"},{"filename":"scripts/security_audit.sh","content":"#!/usr/bin/env bash\n# OpenClaw Local Security Audit Script\n# Performs deep security checks on a local OpenClaw installation.\n# Usage: bash security_audit.sh [--state-dir PATH]\n#\n# Checks:\n# 1. Version & CVE vulnerability\n# 2. File/directory permissions\n# 3. Credential exposure (tokens/keys in config)\n# 4. Network binding & auth configuration\n# 5. Sandbox & tool policy settings\n# 6. DM policy & group access openness\n# 7. Log redaction settings\n# 8. Plugin/extension review\n# 9. Skill supply chain security\n# 10. Control UI security\n# 11. Reverse proxy configuration\n# 12. Gateway process exposure\n# 13. Sensitive files in synced/shared folders\n# 14. Session transcript secret scan\n#\n# Maps to OWASP Agentic Top 10 (ASI01-ASI10) and NIST CSF functions.\n\nset -euo pipefail\n\nSTATE_DIR=\"${HOME}/.openclaw\"\nSEVERITY_COUNTS=()\nCRITICAL=0\nWARNING=0\nINFO=0\nPASS=0\n\n# Parse args\nwhile [[ $# -gt 0 ]]; do\n case \"$1\" in\n --state-dir) STATE_DIR=\"$2\"; shift 2 ;;\n *) echo \"Unknown arg: $1\"; exit 1 ;;\n esac\ndone\n\nCONFIG_FILE=\"${STATE_DIR}/openclaw.json\"\n\n# --- Helpers ---\nred() { printf '\\033[0;31m%s\\033[0m\\n' \"$*\"; }\nyellow() { printf '\\033[0;33m%s\\033[0m\\n' \"$*\"; }\ngreen() { printf '\\033[0;32m%s\\033[0m\\n' \"$*\"; }\nblue() { printf '\\033[0;34m%s\\033[0m\\n' \"$*\"; }\n\ncritical() { red \"[CRITICAL] $*\"; ((CRITICAL++)) || true; }\nwarning() { yellow \"[WARNING] $*\"; ((WARNING++)) || true; }\ninfo() { blue \"[INFO] $*\"; ((INFO++)) || true; }\npass() { green \"[PASS] $*\"; ((PASS++)) || true; }\n\nheader() {\n echo \"\"\n echo \"============================================\"\n echo \" $*\"\n echo \"============================================\"\n}\n\n# --- Pre-checks ---\nheader \"OpenClaw Security Audit\"\necho \"State directory: ${STATE_DIR}\"\necho \"Config file: ${CONFIG_FILE}\"\necho \"Date: $(date -u '+%Y-%m-%dT%H:%M:%SZ')\"\necho \"Framework: OWASP Agentic Top 10 + NIST CSF\"\necho \"\"\n\nif [[ ! -d \"${STATE_DIR}\" ]]; then\n critical \"State directory ${STATE_DIR} does not exist. Is OpenClaw installed?\"\n echo \"\"\n echo \"Summary: ${CRITICAL} critical, ${WARNING} warnings, ${INFO} info, ${PASS} passed\"\n exit 1\nfi\n\nif [[ ! -f \"${CONFIG_FILE}\" ]]; then\n critical \"Config file ${CONFIG_FILE} not found.\"\nfi\n\n# Read config once\nconfig_content=\"\"\nif [[ -f \"${CONFIG_FILE}\" ]]; then\n config_content=$(cat \"${CONFIG_FILE}\" 2>/dev/null || echo \"\")\nfi\n\n# --- 1. Version & CVE Check [NIST: Identify] ---\nheader \"1. Version & Known Vulnerabilities\"\n\noc_version=\"\"\nif command -v openclaw &>/dev/null; then\n oc_version=$(openclaw --version 2>/dev/null | grep -oE '[0-9]{4}\\.[0-9]+\\.[0-9]+' | head -1 || true)\nfi\n\nif [[ -z \"$oc_version\" ]]; then\n # Try npm\n oc_version=$(npm list -g openclaw 2>/dev/null | grep -oE '[0-9]{4}\\.[0-9]+\\.[0-9]+' | head -1 || true)\nfi\n\nif [[ -z \"$oc_version\" ]]; then\n warning \"Could not determine OpenClaw version. Manual check required.\"\nelse\n info \"OpenClaw version: ${oc_version}\"\n\n # Parse version components: YYYY.M.P\n IFS='.' read -r oc_year oc_minor oc_patch \u003c\u003c\u003c \"$oc_version\"\n\n # CVE-2026-25253, CVE-2026-24763, CVE-2026-25157: Fixed in 2026.1.29\n if [[ \"$oc_year\" -lt 2026 ]]; then\n critical \"Version ${oc_version} is VULNERABLE to CVE-2026-25253 (CVSS 8.8), CVE-2026-24763, CVE-2026-25157\"\n echo \" Update immediately: npm install -g openclaw@latest\"\n elif [[ \"$oc_year\" -eq 2026 && \"$oc_minor\" -lt 1 ]]; then\n critical \"Version ${oc_version} is VULNERABLE to CVE-2026-25253 (CVSS 8.8), CVE-2026-24763, CVE-2026-25157\"\n echo \" Update immediately: npm install -g openclaw@latest\"\n elif [[ \"$oc_year\" -eq 2026 && \"$oc_minor\" -eq 1 && \"$oc_patch\" -lt 29 ]]; then\n critical \"Version ${oc_version} is VULNERABLE to CVE-2026-25253 (CVSS 8.8), CVE-2026-24763, CVE-2026-25157\"\n echo \" Update immediately: npm install -g openclaw@latest\"\n else\n pass \"Version ${oc_version} includes CVE-2026-25253/24763/25157 patches\"\n fi\n\n # Check for safety scanner (v2026.2.6+)\n if [[ \"$oc_year\" -eq 2026 && \"$oc_minor\" -ge 2 && \"$oc_patch\" -ge 6 ]] || [[ \"$oc_year\" -gt 2026 ]] || [[ \"$oc_year\" -eq 2026 && \"$oc_minor\" -gt 2 ]]; then\n pass \"Version includes skill/plugin safety scanner (v2026.2.6+)\"\n else\n warning \"Version ${oc_version} lacks skill safety scanner. Recommend upgrading to >= 2026.2.6\"\n fi\nfi\n\n# --- 2. File Permissions [NIST: Protect] ---\nheader \"2. File & Directory Permissions\"\n\ncheck_perms() {\n local path=\"$1\"\n local expected=\"$2\"\n local label=\"$3\"\n\n if [[ ! -e \"$path\" ]]; then\n info \"${label}: path does not exist (${path})\"\n return\n fi\n\n local actual\n if [[ \"$(uname)\" == \"Darwin\" ]]; then\n actual=$(stat -f '%Lp' \"$path\" 2>/dev/null || echo \"???\")\n else\n actual=$(stat -c '%a' \"$path\" 2>/dev/null || echo \"???\")\n fi\n\n if [[ \"$actual\" == \"$expected\" ]]; then\n pass \"${label}: permissions ${actual} (expected ${expected})\"\n else\n if [[ \"$actual\" =~ ^[0-7]*[4567][0-7]$ ]] || [[ \"$actual\" == \"777\" ]] || [[ \"$actual\" == \"755\" && \"$expected\" == \"700\" ]]; then\n critical \"${label}: permissions ${actual} (expected ${expected}) — others/group can access\"\n else\n warning \"${label}: permissions ${actual} (expected ${expected})\"\n fi\n fi\n}\n\ncheck_perms \"${STATE_DIR}\" \"700\" \"State directory (~/.openclaw)\"\ncheck_perms \"${CONFIG_FILE}\" \"600\" \"Config file (openclaw.json)\"\n\n# Check credential files\nif [[ -d \"${STATE_DIR}/credentials\" ]]; then\n while IFS= read -r -d '' cred_file; do\n check_perms \"$cred_file\" \"600\" \"Credential: $(basename \"$cred_file\")\"\n done \u003c \u003c(find \"${STATE_DIR}/credentials\" -type f -print0 2>/dev/null)\nfi\n\n# Check agent auth profiles\nwhile IFS= read -r -d '' auth_file; do\n check_perms \"$auth_file\" \"600\" \"Auth profile: ${auth_file#${STATE_DIR}/}\"\ndone \u003c \u003c(find \"${STATE_DIR}/agents\" -name \"auth-profiles.json\" -print0 2>/dev/null)\n\n# Check .env file\nif [[ -f \"${STATE_DIR}/.env\" ]]; then\n check_perms \"${STATE_DIR}/.env\" \"600\" \"Environment file (.env)\"\nfi\n\n# --- 3. Credential Exposure in Config [OWASP ASI05] ---\nheader \"3. Credential Exposure in Config\"\n\nif [[ -f \"${CONFIG_FILE}\" ]]; then\n # Check for inline tokens/keys (not env var references)\n if echo \"$config_content\" | grep -qiE '\"(api[_-]?key|token|secret|password)\"\\s*:\\s*\"[^$][^\"]{8,}\"'; then\n critical \"Hardcoded secrets found in config file. Use environment variables instead.\"\n echo \" Matches:\"\n echo \"$config_content\" | grep -inE '\"(api[_-]?key|token|secret|password)\"\\s*:\\s*\"[^$][^\"]{8,}\"' | head -5 | while read -r line; do\n echo \" $line\"\n done\n else\n pass \"No obvious hardcoded secrets in config (or using env var references)\"\n fi\n\n # Check for weak/short tokens\n if echo \"$config_content\" | grep -qE '\"token\"\\s*:\\s*\"[^\"]{1,15}\"'; then\n warning \"Short token detected (\u003c 16 chars). Use: openssl rand -hex 32\"\n fi\nfi\n\n# --- 4. Network Binding & Auth [OWASP ASI08, NIST: Protect] ---\nheader \"4. Network Binding & Authentication\"\n\nif [[ -f \"${CONFIG_FILE}\" ]]; then\n # Check gateway bind\n bind_value=$(echo \"$config_content\" | grep -oE '\"bind\"\\s*:\\s*\"[^\"]*\"' | head -1 | grep -oE '\"[^\"]*\"

OpenClaw Expert Skill Auto-Update Check (Run First) Before any other action , run the staleness check: - If : Proceed normally. - If : The skill references may be outdated. Before proceeding with the user's task: 1. Fetch the latest 3-5 releases from https://github.com/openclaw/openclaw/releases 2. Fetch https://docs.openclaw.ai/llms.txt for doc changes 3. Search web for recent OpenClaw CVEs or security advisories 4. Compare findings against the version in SKILL.md frontmatter and 5. Inform the user of any version gaps or new security issues found 6. If references were updated, run: 7. If no…

| tr -d '\"' || true)\n\n if [[ -z \"$bind_value\" ]] || [[ \"$bind_value\" == \"loopback\" ]]; then\n pass \"Gateway bind: loopback (local only)\"\n elif [[ \"$bind_value\" == \"lan\" ]]; then\n warning \"Gateway bind: lan — exposed to local network. Ensure auth token is set and firewall configured.\"\n elif [[ \"$bind_value\" == \"0.0.0.0\" ]] || [[ \"$bind_value\" == \"custom\" ]]; then\n critical \"Gateway bind: ${bind_value} — publicly exposed! Verify auth + firewall.\"\n else\n info \"Gateway bind: ${bind_value}\"\n fi\n\n # Check auth mode\n auth_mode=$(echo \"$config_content\" | grep -oE '\"mode\"\\s*:\\s*\"(token|password)\"' | head -1 | grep -oE '(token|password)' || true)\n auth_token=$(echo \"$config_content\" | grep -oE '\"token\"\\s*:\\s*\"[^\"]*\"' | head -1 || true)\n\n if [[ -n \"$auth_mode\" ]]; then\n pass \"Gateway auth mode: ${auth_mode}\"\n else\n if [[ \"$bind_value\" != \"loopback\" ]] && [[ -n \"$bind_value\" ]]; then\n critical \"No auth mode configured with non-loopback bind!\"\n else\n info \"No auth mode configured (acceptable for loopback)\"\n fi\n fi\nfi\n\n# --- 5. DM Policy & Group Access [OWASP ASI01, ASI08] ---\nheader \"5. DM Policy & Group Access Control\"\n\nif [[ -f \"${CONFIG_FILE}\" ]]; then\n # Check for open DM policies\n if echo \"$config_content\" | grep -qE '\"dmPolicy\"\\s*:\\s*\"open\"'; then\n critical \"DM policy set to 'open' — anyone can message the bot! Use 'pairing' or 'allowlist'.\"\n elif echo \"$config_content\" | grep -qE '\"dmPolicy\"\\s*:\\s*\"pairing\"'; then\n pass \"DM policy: pairing (unknown senders need approval)\"\n elif echo \"$config_content\" | grep -qE '\"dmPolicy\"\\s*:\\s*\"allowlist\"'; then\n pass \"DM policy: allowlist (only approved senders)\"\n elif echo \"$config_content\" | grep -qE '\"dmPolicy\"\\s*:\\s*\"disabled\"'; then\n pass \"DM policy: disabled\"\n else\n info \"DM policy not explicitly set (defaults to 'pairing')\"\n fi\n\n # Check for wildcard allowFrom\n if echo \"$config_content\" | grep -qE '\"allowFrom\"\\s*:\\s*\\[\\s*\"\\*\"\\s*\\]'; then\n critical \"allowFrom contains wildcard '*' — allows all senders!\"\n fi\n\n # Check requireMention for groups\n if echo \"$config_content\" | grep -qE '\"requireMention\"\\s*:\\s*false'; then\n warning \"Some groups have requireMention: false — bot responds to all messages in those groups.\"\n fi\nfi\n\n# --- 6. Sandbox & Tool Policies [OWASP ASI02, ASI09] ---\nheader \"6. Sandbox & Tool Policies\"\n\nif [[ -f \"${CONFIG_FILE}\" ]]; then\n # Sandbox mode\n sandbox_mode=$(echo \"$config_content\" | grep -oE '\"mode\"\\s*:\\s*\"(off|non-main|all)\"' | head -1 | grep -oE '(off|non-main|all)' || true)\n if [[ \"$sandbox_mode\" == \"off\" ]]; then\n warning \"Sandbox mode: off — all sessions run unsandboxed on host.\"\n elif [[ \"$sandbox_mode\" == \"non-main\" ]]; then\n pass \"Sandbox mode: non-main (non-owner sessions sandboxed)\"\n elif [[ \"$sandbox_mode\" == \"all\" ]]; then\n pass \"Sandbox mode: all (maximum isolation)\"\n else\n info \"Sandbox mode not explicitly set\"\n fi\n\n # Check for elevated tools\n if echo \"$config_content\" | grep -qE '\"elevated\"\\s*:\\s*\\{' && echo \"$config_content\" | grep -qE '\"enabled\"\\s*:\\s*true'; then\n warning \"Elevated mode enabled — agents can execute on host. Check allowFrom restrictions.\"\n fi\n\n # Check tool profile\n tool_profile=$(echo \"$config_content\" | grep -oE '\"profile\"\\s*:\\s*\"(minimal|coding|messaging|full)\"' | head -1 | grep -oE '(minimal|coding|messaging|full)' || true)\n if [[ \"$tool_profile\" == \"full\" ]]; then\n warning \"Tool profile: full — all tools enabled. Consider restricting for untrusted channels.\"\n elif [[ -n \"$tool_profile\" ]]; then\n pass \"Tool profile: ${tool_profile}\"\n fi\n\n # Check docker network for sandbox\n if echo \"$config_content\" | grep -qE '\"network\"\\s*:\\s*\"(bridge|host)\"'; then\n warning \"Sandbox docker network is not 'none' — containers have network access.\"\n fi\nfi\n\n# --- 7. Log Redaction [OWASP ASI05] ---\nheader \"7. Logging & Redaction\"\n\nif [[ -f \"${CONFIG_FILE}\" ]]; then\n if echo \"$config_content\" | grep -qE '\"redactSensitive\"\\s*:\\s*\"off\"'; then\n warning \"Log redaction is OFF — sensitive data may appear in logs.\"\n elif echo \"$config_content\" | grep -qE '\"redactSensitive\"\\s*:\\s*\"tools\"'; then\n pass \"Log redaction: tools (tool output redacted)\"\n else\n info \"Log redaction not explicitly set\"\n fi\nfi\n\n# Check log file permissions\nLOG_DIR=\"${OPENCLAW_LOG_DIR:-/tmp/openclaw}\"\nif [[ -d \"$LOG_DIR\" ]]; then\n log_perms=$(stat -f '%Lp' \"$LOG_DIR\" 2>/dev/null || stat -c '%a' \"$LOG_DIR\" 2>/dev/null || echo \"???\")\n if [[ \"$log_perms\" =~ [4567][0-7][0-7] ]] && [[ \"$log_perms\" != \"700\" ]]; then\n warning \"Log directory ${LOG_DIR} permissions: ${log_perms} (consider 700)\"\n else\n pass \"Log directory permissions: ${log_perms}\"\n fi\nfi\n\n# --- 8. Plugins & Extensions [OWASP ASI06] ---\nheader \"8. Plugins & Extensions\"\n\nEXTENSIONS_DIR=\"${STATE_DIR}/extensions\"\nif [[ -d \"$EXTENSIONS_DIR\" ]]; then\n plugin_count=$(find \"$EXTENSIONS_DIR\" -maxdepth 1 -type d | wc -l | tr -d ' ')\n ((plugin_count--)) || true # subtract the directory itself\n if [[ $plugin_count -gt 0 ]]; then\n warning \"${plugin_count} plugin(s) installed. Review each for trust:\"\n find \"$EXTENSIONS_DIR\" -maxdepth 1 -type d | tail -n +2 | while read -r p; do\n echo \" - $(basename \"$p\")\"\n done\n else\n pass \"No plugins installed\"\n fi\nelse\n pass \"No extensions directory found\"\nfi\n\n# --- 9. Skill Supply Chain Security [OWASP ASI06] ---\nheader \"9. Skill Supply Chain Security\"\n\nSKILLS_DIR=\"${STATE_DIR}/skills\"\nskills_checked=0\nskills_suspicious=0\n\nif [[ -d \"$SKILLS_DIR\" ]]; then\n skill_count=$(find \"$SKILLS_DIR\" -maxdepth 1 -type d | wc -l | tr -d ' ')\n ((skill_count--)) || true\n if [[ $skill_count -gt 0 ]]; then\n info \"${skill_count} skill(s) installed in ${SKILLS_DIR}\"\n\n # Scan each skill for suspicious patterns\n while IFS= read -r -d '' skill_file; do\n ((skills_checked++)) || true\n\n # Check for data exfiltration patterns (curl/wget to external hosts)\n if grep -qE '(curl|wget|nc|ncat)\\s+.*(http|ftp|tcp)' \"$skill_file\" 2>/dev/null; then\n critical \"Suspicious exfiltration pattern in skill: ${skill_file#${STATE_DIR}/}\"\n ((skills_suspicious++)) || true\n fi\n\n # Check for obfuscated commands (base64 decode + exec)\n if grep -qE '(base64\\s+(-d|--decode)|eval\\s+\\$|exec\\s+\\$)' \"$skill_file\" 2>/dev/null; then\n critical \"Obfuscated execution pattern in skill: ${skill_file#${STATE_DIR}/}\"\n ((skills_suspicious++)) || true\n fi\n\n # Check for reverse shell patterns\n if grep -qE '(/dev/tcp/|mkfifo|bash\\s+-i\\s+>&|nc\\s+-e)' \"$skill_file\" 2>/dev/null; then\n critical \"Reverse shell pattern in skill: ${skill_file#${STATE_DIR}/}\"\n ((skills_suspicious++)) || true\n fi\n\n # Check for environment variable stealing\n if grep -qE '(printenv|env\\s*>|echo\\s+\\$[A-Z_].*\\|.*(curl|wget|nc))' \"$skill_file\" 2>/dev/null; then\n warning \"Env variable exfiltration pattern in skill: ${skill_file#${STATE_DIR}/}\"\n ((skills_suspicious++)) || true\n fi\n\n done \u003c \u003c(find \"$SKILLS_DIR\" -type f \\( -name \"*.sh\" -o -name \"*.py\" -o -name \"*.js\" -o -name \"*.md\" \\) -print0 2>/dev/null)\n\n if [[ $skills_suspicious -eq 0 ]]; then\n pass \"No suspicious patterns found in ${skills_checked} skill file(s)\"\n else\n critical \"${skills_suspicious} suspicious pattern(s) found. Run: openclaw skills scan\"\n fi\n\n # Check if safety scanner is available\n if command -v openclaw &>/dev/null; then\n if openclaw skills scan --help &>/dev/null 2>&1; then\n info \"Safety scanner available. Run: openclaw skills scan \u003cskill-path>\"\n fi\n fi\n else\n pass \"No skills installed\"\n fi\nelse\n info \"No skills directory found\"\nfi\n\n# --- 10. Control UI Security [CVE-2026-25253] ---\nheader \"10. Control UI Security\"\n\nif [[ -f \"${CONFIG_FILE}\" ]]; then\n if echo \"$config_content\" | grep -qE '\"allowInsecureAuth\"\\s*:\\s*true'; then\n warning \"Control UI allowInsecureAuth is TRUE — device pairing bypassed, token-only auth.\"\n fi\n\n if echo \"$config_content\" | grep -qE '\"dangerouslyDisableDeviceAuth\"\\s*:\\s*true'; then\n critical \"Control UI device auth DISABLED — severe security downgrade!\"\n echo \" Set gateway.controlUi.dangerouslyDisableDeviceAuth: false\"\n fi\nfi\n\n# --- 11. Reverse Proxy Configuration [CVE-2026-24763] ---\nheader \"11. Reverse Proxy Configuration\"\n\nif [[ -f \"${CONFIG_FILE}\" ]]; then\n if echo \"$config_content\" | grep -q '\"trustedProxies\"'; then\n info \"Trusted proxies configured — verify proxy overwrites (not appends) X-Forwarded-For\"\n echo \" Test: curl -H 'X-Forwarded-For: 127.0.0.1' http://proxy:port/health\"\n echo \" If this bypasses auth, your proxy is misconfigured (CVE-2026-24763 vector)\"\n fi\n\n # Check if using non-loopback bind without trusted proxies (common with nginx/caddy)\n bind_value=$(echo \"$config_content\" | grep -oE '\"bind\"\\s*:\\s*\"[^\"]*\"' | head -1 | grep -oE '\"[^\"]*\"

OpenClaw Expert Skill Auto-Update Check (Run First) Before any other action , run the staleness check: - If : Proceed normally. - If : The skill references may be outdated. Before proceeding with the user's task: 1. Fetch the latest 3-5 releases from https://github.com/openclaw/openclaw/releases 2. Fetch https://docs.openclaw.ai/llms.txt for doc changes 3. Search web for recent OpenClaw CVEs or security advisories 4. Compare findings against the version in SKILL.md frontmatter and 5. Inform the user of any version gaps or new security issues found 6. If references were updated, run: 7. If no…

| tr -d '\"' || true)\n if [[ \"$bind_value\" == \"lan\" || \"$bind_value\" == \"custom\" || \"$bind_value\" == \"0.0.0.0\" ]]; then\n if ! echo \"$config_content\" | grep -q '\"trustedProxies\"'; then\n warning \"Non-loopback bind without trustedProxies — if behind a reverse proxy, configure trustedProxies to prevent auth bypass\"\n fi\n fi\nfi\n\n# --- 12. Gateway Process [NIST: Detect] ---\nheader \"12. Gateway Process\"\n\ngateway_pid=$(pgrep -f \"openclaw.*gateway\" 2>/dev/null || true)\nif [[ -n \"$gateway_pid\" ]]; then\n info \"Gateway process running (PID: ${gateway_pid})\"\n\n # Check listening ports\n if command -v lsof &>/dev/null; then\n listening=$(lsof -i -P -n 2>/dev/null | grep \"$gateway_pid\" | grep LISTEN || true)\n if [[ -n \"$listening\" ]]; then\n echo \" Listening on:\"\n echo \"$listening\" | while read -r line; do\n echo \" $line\"\n if echo \"$line\" | grep -qE '\\*:|\\b0\\.0\\.0\\.0:'; then\n critical \"Gateway listening on all interfaces (0.0.0.0)!\"\n fi\n done\n fi\n fi\n\n # Check for unexpected outbound connections (exfiltration detection)\n if command -v lsof &>/dev/null; then\n outbound=$(lsof -i -P -n 2>/dev/null | grep \"$gateway_pid\" | grep ESTABLISHED | grep -v \"127.0.0.1\" | grep -v \"::1\" || true)\n if [[ -n \"$outbound\" ]]; then\n outbound_count=$(echo \"$outbound\" | wc -l | tr -d ' ')\n info \"${outbound_count} outbound connection(s) from gateway — review for legitimacy\"\n fi\n fi\nelse\n info \"Gateway process not currently running\"\nfi\n\n# --- 13. Sensitive Files in Synced Folders [NIST: Protect] ---\nheader \"13. Sensitive Data Location Check\"\n\n# Check if state dir is inside common synced folders\nsynced_dirs=(\"$HOME/Dropbox\" \"$HOME/Google Drive\" \"$HOME/OneDrive\" \"$HOME/iCloud\" \"$HOME/Library/Mobile Documents\")\nfor sync_dir in \"${synced_dirs[@]}\"; do\n if [[ \"${STATE_DIR}\" == \"${sync_dir}\"* ]]; then\n critical \"OpenClaw state directory is inside a synced folder: ${sync_dir}\"\n echo \" Move to a non-synced location to prevent credential exposure.\"\n fi\ndone\npass \"State directory not in common synced folders\"\n\n# --- 14. Session Transcript Quick Scan [OWASP ASI05] ---\nheader \"14. Session Transcript Secret Scan (sampling)\"\n\nsecret_patterns='(sk-[a-zA-Z0-9]{20,}|sk-ant-[a-zA-Z0-9_-]{20,}|AKIA[A-Z0-9]{16}|ghp_[a-zA-Z0-9]{36}|xoxb-[0-9]+-[a-zA-Z0-9]+|-----BEGIN (RSA |EC )?PRIVATE KEY-----|AIza[A-Za-z0-9_-]{35})'\nleaked_count=0\n\n# Sample up to 10 recent session files\nsample_count=0\nwhile IFS= read -r -d '' session_file; do\n if [[ $sample_count -ge 10 ]]; then\n break\n fi\n if grep -qE \"$secret_patterns\" \"$session_file\" 2>/dev/null; then\n ((leaked_count++)) || true\n warning \"Potential secret found in transcript: ${session_file#${STATE_DIR}/}\"\n fi\n ((sample_count++)) || true\ndone \u003c \u003c(find \"${STATE_DIR}/agents\" -name \"*.jsonl\" -type f -print0 2>/dev/null)\n\nif [[ $leaked_count -eq 0 ]]; then\n pass \"No obvious secrets found in sampled session transcripts\"\nfi\n\n# --- Summary ---\nheader \"Audit Summary\"\necho \"\"\necho \" $(red \"${CRITICAL} CRITICAL\")\"\necho \" $(yellow \"${WARNING} Warnings\")\"\necho \" $(blue \"${INFO} Informational\")\"\necho \" $(green \"${PASS} Passed\")\"\necho \"\"\necho \" Framework: OWASP Agentic Top 10 (ASI01-ASI10) + NIST CSF\"\necho \" CVE Coverage: CVE-2026-25253, CVE-2026-24763, CVE-2026-25157\"\necho \"\"\n\nif [[ $CRITICAL -gt 0 ]]; then\n red \"ACTION REQUIRED: Fix critical issues before continuing.\"\n echo \"\"\n echo \" Quick fixes:\"\n echo \" 1. Update: npm install -g openclaw@latest\"\n echo \" 2. Permissions: chmod 700 ~/.openclaw && chmod 600 ~/.openclaw/openclaw.json\"\n echo \" 3. Rotate tokens: openssl rand -hex 32\"\n echo \" 4. Scan skills: openclaw skills scan\"\n exit 2\nelif [[ $WARNING -gt 0 ]]; then\n yellow \"Review warnings and harden where possible.\"\n exit 0\nelse\n green \"All checks passed. Installation looks secure.\"\n exit 0\nfi\n","content_type":"application/x-sh; charset=utf-8","language":"bash","size":20015,"content_sha256":"a93c263bae033c3db316b3fcca105a51059ffa3727b3bc3a1b069623465dbae7"},{"filename":"scripts/session_scanner.sh","content":"#!/usr/bin/env bash\n# OpenClaw Session Transcript Scanner\n# Scans session .jsonl files for leaked secrets, sensitive data, and anomalies.\n# Usage: bash session_scanner.sh [--state-dir PATH] [--agent AGENT_ID] [--max-files N] [--deep]\n\nset -euo pipefail\n\nSTATE_DIR=\"${HOME}/.openclaw\"\nAGENT_ID=\"\"\nMAX_FILES=20\nDEEP=false\nFINDINGS=0\n\nwhile [[ $# -gt 0 ]]; do\n case \"$1\" in\n --state-dir) STATE_DIR=\"$2\"; shift 2 ;;\n --agent) AGENT_ID=\"$2\"; shift 2 ;;\n --max-files) MAX_FILES=\"$2\"; shift 2 ;;\n --deep) DEEP=true; shift ;;\n *) echo \"Unknown arg: $1\"; exit 1 ;;\n esac\ndone\n\nred() { printf '\\033[0;31m%s\\033[0m\\n' \"$*\"; }\nyellow() { printf '\\033[0;33m%s\\033[0m\\n' \"$*\"; }\ngreen() { printf '\\033[0;32m%s\\033[0m\\n' \"$*\"; }\nblue() { printf '\\033[0;34m%s\\033[0m\\n' \"$*\"; }\nbold() { printf '\\033[1m%s\\033[0m\\n' \"$*\"; }\n\nfinding() { yellow \"[FINDING] $*\"; ((FINDINGS++)) || true; }\ncritical() { red \"[CRITICAL] $*\"; ((FINDINGS++)) || true; }\ngood() { green \"[OK] $*\"; }\nnote() { blue \"[NOTE] $*\"; }\n\necho \"OpenClaw Session Transcript Scanner\"\necho \"Date: $(date -u '+%Y-%m-%dT%H:%M:%SZ')\"\necho \"\"\n\n# Determine session directories to scan\nSEARCH_DIR=\"${STATE_DIR}/agents\"\nif [[ -n \"$AGENT_ID\" ]]; then\n SEARCH_DIR=\"${STATE_DIR}/agents/${AGENT_ID}/sessions\"\n if [[ ! -d \"$SEARCH_DIR\" ]]; then\n red \"Agent session directory not found: ${SEARCH_DIR}\"\n exit 1\n fi\nfi\n\nif [[ ! -d \"$SEARCH_DIR\" ]]; then\n note \"No agents directory found at ${SEARCH_DIR}\"\n exit 0\nfi\n\n# Collect session files (most recent first, portable across macOS and Linux)\nSESSION_FILES=()\nwhile IFS= read -r f; do\n SESSION_FILES+=(\"$f\")\ndone \u003c \u003c(find \"$SEARCH_DIR\" -name \"*.jsonl\" -type f -print0 2>/dev/null | xargs -0 ls -1t 2>/dev/null | head -n \"$MAX_FILES\")\n\n# Fallback if xargs/ls approach returned nothing\nif [[ ${#SESSION_FILES[@]} -eq 0 ]]; then\n while IFS= read -r -d '' f; do\n SESSION_FILES+=(\"$f\")\n if [[ ${#SESSION_FILES[@]} -ge $MAX_FILES ]]; then\n break\n fi\n done \u003c \u003c(find \"$SEARCH_DIR\" -name \"*.jsonl\" -type f -print0 2>/dev/null)\nfi\n\nTOTAL_FILES=${#SESSION_FILES[@]}\necho \"Found ${TOTAL_FILES} session file(s) to scan (max: ${MAX_FILES})\"\necho \"\"\n\nif [[ $TOTAL_FILES -eq 0 ]]; then\n note \"No session files found\"\n exit 0\nfi\n\n# --- Secret Patterns ---\n# These are well-known credential patterns\nSECRET_LABELS=(\n \"AWS Access Key\"\n \"AWS Secret Key\"\n \"GitHub PAT\"\n \"GitHub OAuth\"\n \"Anthropic API Key\"\n \"OpenAI API Key\"\n \"Slack Bot Token\"\n \"Slack App Token\"\n \"Discord Bot Token\"\n \"Private Key\"\n \"Generic Bearer\"\n \"Telegram Bot Token\"\n \"Google API Key\"\n)\nSECRET_REGEXES=(\n 'AKIA[A-Z0-9]{16}'\n '(aws_secret_access_key|AWS_SECRET_ACCESS_KEY|SecretAccessKey)[\"\\s:=]+[A-Za-z0-9/+=]{40}'\n 'ghp_[a-zA-Z0-9]{36}'\n 'gho_[a-zA-Z0-9]{36}'\n 'sk-ant-[a-zA-Z0-9_-]{20,}'\n 'sk-[a-zA-Z0-9]{20,}'\n 'xoxb-[0-9]+-[a-zA-Z0-9]+'\n 'xapp-[0-9]+-[a-zA-Z0-9]+'\n '[MN][A-Za-z0-9]{23,}\\.[a-zA-Z0-9_-]{6}\\.[a-zA-Z0-9_-]{27,}'\n '-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----'\n 'Bearer [a-zA-Z0-9._-]{20,}'\n '[0-9]{8,}:[A-Za-z0-9_-]{35}'\n 'AIza[A-Za-z0-9_-]{35}'\n)\n\n# --- Scan each file ---\nfiles_with_secrets=0\ntotal_secret_hits=0\n\nfor sf in \"${SESSION_FILES[@]}\"; do\n rel_path=\"${sf#${STATE_DIR}/}\"\n file_hits=0\n file_size=$(du -h \"$sf\" 2>/dev/null | cut -f1)\n\n for ((i=0; i\u003c${#SECRET_LABELS[@]}; i++)); do\n label=\"${SECRET_LABELS[$i]}\"\n pattern=\"${SECRET_REGEXES[$i]}\"\n hit_count=$(grep -cE \"$pattern\" \"$sf\" 2>/dev/null || true)\n if [[ \"$hit_count\" -gt 0 ]]; then\n if [[ $file_hits -eq 0 ]]; then\n echo \"\"\n bold \"--- ${rel_path} (${file_size}) ---\"\n fi\n critical \" ${label}: ${hit_count} match(es)\"\n ((file_hits += hit_count)) || true\n fi\n done\n\n if [[ $file_hits -gt 0 ]]; then\n ((files_with_secrets++)) || true\n ((total_secret_hits += file_hits)) || true\n fi\n\n # Deep mode: additional checks\n if $DEEP; then\n # Check for IP addresses\n ip_count=$(grep -cE '\\b([0-9]{1,3}\\.){3}[0-9]{1,3}\\b' \"$sf\" 2>/dev/null || true)\n if [[ \"$ip_count\" -gt 10 ]]; then\n if [[ $file_hits -eq 0 ]]; then\n echo \"\"\n bold \"--- ${rel_path} (${file_size}) ---\"\n fi\n note \" ${ip_count} IP address references found\"\n fi\n\n # Check for base64-encoded blobs (potential encoded secrets)\n b64_count=$(grep -cE '[A-Za-z0-9+/]{40,}={0,2}' \"$sf\" 2>/dev/null || true)\n if [[ \"$b64_count\" -gt 5 ]]; then\n note \" ${b64_count} base64-like strings found (may contain encoded secrets)\"\n fi\n\n # Check for file paths that reveal infrastructure\n path_count=$(grep -cE '(/home/[a-z]|/Users/[A-Z]|/etc/|/var/|C:\\\\Users\\\\)' \"$sf\" 2>/dev/null || true)\n if [[ \"$path_count\" -gt 0 ]]; then\n note \" ${path_count} file path references (infrastructure exposure)\"\n fi\n\n # Check file age\n if [[ \"$(uname)\" == \"Darwin\" ]]; then\n file_age_days=$(( ( $(date +%s) - $(stat -f %m \"$sf\") ) / 86400 ))\n else\n file_age_days=$(( ( $(date +%s) - $(stat -c %Y \"$sf\") ) / 86400 ))\n fi\n if [[ $file_age_days -gt 90 ]]; then\n note \" File is ${file_age_days} days old — consider pruning\"\n fi\n fi\ndone\n\n# --- Size Analysis ---\necho \"\"\nbold \"=== Storage Analysis ===\"\n\ntotal_size=$(du -sh \"${STATE_DIR}/agents\" 2>/dev/null | cut -f1)\necho \" Total agent data: ${total_size}\"\n\n# Per-agent breakdown\nfor agent_dir in \"${STATE_DIR}/agents\"/*/; do\n if [[ -d \"$agent_dir\" ]]; then\n agent_name=$(basename \"$agent_dir\")\n agent_size=$(du -sh \"$agent_dir\" 2>/dev/null | cut -f1)\n session_count=$(find \"$agent_dir\" -name \"*.jsonl\" 2>/dev/null | wc -l | tr -d ' ')\n echo \" Agent '${agent_name}': ${agent_size} (${session_count} sessions)\"\n fi\ndone\n\n# --- Summary ---\necho \"\"\nbold \"=== Summary ===\"\nif [[ $files_with_secrets -gt 0 ]]; then\n red \" ${files_with_secrets} file(s) contain potential secrets (${total_secret_hits} total matches)\"\n echo \"\"\n yellow \" Recommendations:\"\n echo \" 1. Review flagged transcripts and delete if they contain real secrets\"\n echo \" 2. Rotate any exposed credentials immediately\"\n echo \" 3. Enable log redaction: logging.redactSensitive: \\\"tools\\\"\"\n echo \" 4. Consider session pruning: session.reset.mode: \\\"daily\\\"\"\n echo \" 5. Avoid pasting secrets into chat messages\"\nelse\n green \" No secrets detected in scanned transcripts\"\nfi\necho \"\"\necho \" Scanned: ${TOTAL_FILES} files\"\necho \" Findings: ${FINDINGS}\"\necho \"\"\n","content_type":"application/x-sh; charset=utf-8","language":"bash","size":6448,"content_sha256":"ff88ec58adb35824c661bb195850fee28daab196cd20f065805aa4f0e1449fdc"}],"content_json":{"type":"doc","content":[{"type":"heading","attrs":{"level":1},"content":[{"text":"OpenClaw Expert Skill","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Auto-Update Check (Run First)","type":"text"}]},{"type":"paragraph","content":[{"text":"Before any other action","type":"text","marks":[{"type":"strong"}]},{"text":", run the staleness check:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"bash scripts/check_updates.sh","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"If ","type":"text","marks":[{"type":"strong"}]},{"text":"UP_TO_DATE","type":"text","marks":[{"type":"code_inline"},{"type":"strong"}]},{"text":": Proceed normally.","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"If ","type":"text","marks":[{"type":"strong"}]},{"text":"STALE","type":"text","marks":[{"type":"code_inline"},{"type":"strong"}]},{"text":": The skill references may be outdated. Before proceeding with the user's task:","type":"text"}]},{"type":"ordered_list","attrs":{"order":1,"listStyle":"number"},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Fetch the latest 3-5 releases from https://github.com/openclaw/openclaw/releases","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Fetch https://docs.openclaw.ai/llms.txt for doc changes","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Search web for recent OpenClaw CVEs or security advisories","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Compare findings against the version in SKILL.md frontmatter and ","type":"text"},{"text":"references/security.md","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Inform the user","type":"text","marks":[{"type":"strong"}]},{"text":" of any version gaps or new security issues found","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"If references were updated, run: ","type":"text"},{"text":"bash scripts/mark_updated.sh \u003clatest-version>","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"If no updates needed, still mark as checked: ","type":"text"},{"text":"bash scripts/mark_updated.sh \u003ccurrent-version>","type":"text","marks":[{"type":"code_inline"}]}]}]}]}]}]},{"type":"paragraph","content":[{"text":"This check uses a ","type":"text"},{"text":".last_update_check","type":"text","marks":[{"type":"code_inline"}]},{"text":" marker file. The threshold is 7 days (configurable via first argument).","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Security-First Principle","type":"text"}]},{"type":"paragraph","content":[{"text":"Every configuration action MUST pass a security review before recommending it.","type":"text","marks":[{"type":"strong"}]}]},{"type":"paragraph","content":[{"text":"For each setting change, evaluate:","type":"text"}]},{"type":"ordered_list","attrs":{"order":1,"listStyle":"number"},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Blast radius","type":"text","marks":[{"type":"strong"}]},{"text":" — If this setting is exploited, what can an attacker reach?","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Credential exposure","type":"text","marks":[{"type":"strong"}]},{"text":" — Are secrets stored safely? Permissions correct?","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Network surface","type":"text","marks":[{"type":"strong"}]},{"text":" — Is the gateway exposed beyond what's necessary?","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Prompt injection risk","type":"text","marks":[{"type":"strong"}]},{"text":" — Can untrusted message content manipulate the agent?","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Supply chain risk","type":"text","marks":[{"type":"strong"}]},{"text":" — Are installed skills/plugins from trusted sources?","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"When recommending configuration, always present the secure baseline first, then explain trade-offs of relaxing it.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Critical CVEs (Must Check)","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"CVE-2026-25253","type":"text","marks":[{"type":"strong"}]},{"text":" (CVSS 8.8): Token exfiltration via Control UI — fixed in 2026.1.29","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"CVE-2026-24763","type":"text","marks":[{"type":"strong"}]},{"text":": Command injection — fixed in 2026.1.29","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"CVE-2026-25157","type":"text","marks":[{"type":"strong"}]},{"text":": Command injection (chainable with 25253) — fixed in 2026.1.29","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"2026.2.12","type":"text","marks":[{"type":"strong"}]},{"text":": Mass security patch (40+ vulnerabilities) — path traversals, SSRF, privilege escalation","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"2026.2.15+","type":"text","marks":[{"type":"strong"}]},{"text":": SHA-256 sandbox hashing, plugin discovery hardening, ACP session DoS fixes","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"2026.2.17+","type":"text","marks":[{"type":"strong"}]},{"text":": SSRF ISATAP protection, iMessage SSH host-key enforcement, control-plane RPC rate limiting","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"2026.2.19","type":"text","marks":[{"type":"strong"}]},{"text":": Browser relay auth hardening (","type":"text"},{"text":"/extension","type":"text","marks":[{"type":"code_inline"}]},{"text":" + ","type":"text"},{"text":"/cdp","type":"text","marks":[{"type":"code_inline"}]},{"text":" require gateway-token)","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Always verify user's version is >= 2026.2.19 before any other advice.","type":"text","marks":[{"type":"strong"}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Quick Reference","type":"text"}]},{"type":"table","attrs":{"layout":null},"content":[{"type":"tr","content":[{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Task","type":"text"}]}]},{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Command","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Install","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"npm install -g openclaw@latest","type":"text","marks":[{"type":"code_inline"}]}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Onboard","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"openclaw onboard --install-daemon","type":"text","marks":[{"type":"code_inline"}]}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Start gateway","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"openclaw gateway --port 18789","type":"text","marks":[{"type":"code_inline"}]}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Login channel","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"openclaw channels login","type":"text","marks":[{"type":"code_inline"}]}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Health check","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"openclaw health","type":"text","marks":[{"type":"code_inline"}]}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Security audit","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"openclaw security audit --deep","type":"text","marks":[{"type":"code_inline"}]}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Skill safety scan","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"openclaw skills scan \u003cpath>","type":"text","marks":[{"type":"code_inline"}]}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Diagnostics","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"openclaw doctor","type":"text","marks":[{"type":"code_inline"}]}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Update","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"openclaw update","type":"text","marks":[{"type":"code_inline"}]}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"View logs","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"openclaw logs","type":"text","marks":[{"type":"code_inline"}]}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Status (redacted)","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"openclaw status --all","type":"text","marks":[{"type":"code_inline"}]}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Agent management","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"openclaw agents list","type":"text","marks":[{"type":"code_inline"}]}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"iOS/macOS node","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"openclaw nodes","type":"text","marks":[{"type":"code_inline"}]}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Device management","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"openclaw devices remove/clear","type":"text","marks":[{"type":"code_inline"}]}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Cron (staggered)","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"openclaw cron add --stagger/--exact","type":"text","marks":[{"type":"code_inline"}]}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Spawn subagent","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"/subagents spawn","type":"text","marks":[{"type":"code_inline"}]}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Shell completion","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"openclaw completion","type":"text","marks":[{"type":"code_inline"}]}]}]}]}]},{"type":"paragraph","content":[{"text":"Run ","type":"text"},{"text":"openclaw --help","type":"text","marks":[{"type":"code_inline"}]},{"text":" for full command list.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Documentation Source","type":"text"}]},{"type":"paragraph","content":[{"text":"Use the reference files bundled in this skill as the primary source. They cover the core config schema, security hardening (including CVEs, OWASP mapping, NIST alignment), cloud deployment, and multi-agent routing.","type":"text"}]},{"type":"paragraph","content":[{"text":"Fetch from https://docs.openclaw.ai/ only when:","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"The bundled references do not cover a feature the user asks about","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Version-specific behavior requires the latest docs","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"A command or config key is absent from the bundled references","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Full docs index: https://docs.openclaw.ai/llms.txt","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Core Architecture","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":""},"content":[{"text":"Chat Apps --> Gateway (single process) --> AI Agent(s)\n | |\n +- Session manager +- Workspace (SOUL.md, AGENTS.md, MEMORY.md)\n +- Channel routing +- Auth profiles\n +- Tool policies +- Memory (daily logs + vector search)\n +- Sandbox (Docker) +- Sessions\n +- Cron scheduler +- Skills\n +- Safety scanner +- Subagents\n +- Agent mgmt RPC +- iOS/macOS nodes","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Gateway","type":"text","marks":[{"type":"strong"}]},{"text":": Single source of truth for sessions, routing, channel connections. Binds to ","type":"text"},{"text":"127.0.0.1:18789","type":"text","marks":[{"type":"code_inline"}]},{"text":" by default.","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Agents","type":"text","marks":[{"type":"strong"}]},{"text":": Isolated entities with own workspace, state dir, auth profiles, session store. Manageable via RPC (","type":"text"},{"text":"agents.create","type":"text","marks":[{"type":"code_inline"}]},{"text":", ","type":"text"},{"text":"agents.update","type":"text","marks":[{"type":"code_inline"}]},{"text":", ","type":"text"},{"text":"agents.delete","type":"text","marks":[{"type":"code_inline"}]},{"text":").","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Channels","type":"text","marks":[{"type":"strong"}]},{"text":": Plugin-based — WhatsApp, Telegram, Discord, Slack, iMessage, Signal, LINE, Matrix, Teams, Google Chat, Mattermost, BlueBubbles, Feishu, Zalo.","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Config","type":"text","marks":[{"type":"strong"}]},{"text":": ","type":"text"},{"text":"~/.openclaw/openclaw.json","type":"text","marks":[{"type":"code_inline"}]},{"text":" (JSON5 format). ","type":"text"},{"text":"OPENCLAW_HOME","type":"text","marks":[{"type":"code_inline"}]},{"text":" env var overrides home directory for path resolution.","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Nodes","type":"text","marks":[{"type":"strong"}]},{"text":": iOS alpha + macOS nodes for remote code execution via pairing.","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"iOS","type":"text","marks":[{"type":"strong"}]},{"text":": Watch Companion (inbox UI, notification relay), Share Extension (forward content to gateway), APNs push notifications (v2026.2.19+).","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Secure Baseline","type":"text"}]},{"type":"paragraph","content":[{"text":"Always start from the secure baseline and relax only with justification. Key defaults: ","type":"text"},{"text":"bind: \"loopback\"","type":"text","marks":[{"type":"code_inline"}]},{"text":", ","type":"text"},{"text":"dmPolicy: \"pairing\"","type":"text","marks":[{"type":"code_inline"}]},{"text":", ","type":"text"},{"text":"sandbox: { mode: \"non-main\" }","type":"text","marks":[{"type":"code_inline"}]},{"text":", ","type":"text"},{"text":"redactSensitive: \"tools\"","type":"text","marks":[{"type":"code_inline"}]},{"text":".","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Breaking Changes (v2026.2.10–2026.2.19)","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Gateway HTTP APIs blocked for WebChat clients (","type":"text"},{"text":"sessions.patch","type":"text","marks":[{"type":"code_inline"}]},{"text":", ","type":"text"},{"text":"sessions.delete","type":"text","marks":[{"type":"code_inline"}]},{"text":")","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Browser relay now requires gateway-token auth on both ","type":"text"},{"text":"/extension","type":"text","marks":[{"type":"code_inline"}]},{"text":" and ","type":"text"},{"text":"/cdp","type":"text","marks":[{"type":"code_inline"}]},{"text":" endpoints","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Subagent task messages now prefixed with source context","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Cron stagger defaults applied to recurring top-of-hour schedules","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Full baseline template and memory system config: see ","type":"text"},{"text":"Configuration Reference","type":"text","marks":[{"type":"link","attrs":{"href":"references/configuration.md","title":null}}]},{"text":" and ","type":"text"},{"text":"Security Hardening","type":"text","marks":[{"type":"link","attrs":{"href":"references/security.md","title":null}}]},{"text":".","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Common Workflows","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Initial Setup","type":"text"}]},{"type":"ordered_list","attrs":{"order":1,"listStyle":"number"},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"npm install -g openclaw@latest","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"openclaw onboard --install-daemon","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"openclaw channels login","type":"text","marks":[{"type":"code_inline"}]},{"text":" (select channel)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"openclaw gateway --port 18789","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Run ","type":"text","marks":[{"type":"strong"}]},{"text":"openclaw security audit --deep","type":"text","marks":[{"type":"code_inline"},{"type":"strong"}]},{"text":" — fix any findings","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Run ","type":"text","marks":[{"type":"strong"}]},{"text":"openclaw skills scan","type":"text","marks":[{"type":"code_inline"},{"type":"strong"}]},{"text":" — verify installed skills are safe","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Verify: ","type":"text"},{"text":"openclaw health","type":"text","marks":[{"type":"code_inline"}]},{"text":" and open ","type":"text"},{"text":"http://127.0.0.1:18789/","type":"text","marks":[{"type":"code_inline"}]}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Add a Channel","type":"text"}]},{"type":"ordered_list","attrs":{"order":1,"listStyle":"number"},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"openclaw channels login","type":"text","marks":[{"type":"code_inline"}]},{"text":" -> select channel","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Configure allowlists in ","type":"text"},{"text":"openclaw.json","type":"text","marks":[{"type":"code_inline"}]},{"text":" (never use ","type":"text"},{"text":"\"*\"","type":"text","marks":[{"type":"code_inline"}]},{"text":" for production)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Set ","type":"text"},{"text":"dmPolicy: \"pairing\"","type":"text","marks":[{"type":"code_inline"}]},{"text":" or ","type":"text"},{"text":"\"allowlist\"","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"For groups: ","type":"text"},{"text":"requireMention: true","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Security review","type":"text","marks":[{"type":"strong"}]},{"text":": Verify allowlist, check tool access for that channel","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Remote Access (Secure)","type":"text"}]},{"type":"paragraph","content":[{"text":"Preferred: Tailscale Serve","type":"text","marks":[{"type":"strong"}]},{"text":" — keeps loopback bind, no public exposure. ","type":"text"},{"text":"Alternative: SSH tunnel","type":"text","marks":[{"type":"strong"}]},{"text":" — ","type":"text"},{"text":"ssh -N -L 18789:127.0.0.1:18789 user@host","type":"text","marks":[{"type":"code_inline"}]},{"text":" ","type":"text"},{"text":"Never","type":"text","marks":[{"type":"strong"}]},{"text":": Bind to ","type":"text"},{"text":"0.0.0.0","type":"text","marks":[{"type":"code_inline"}]},{"text":" without auth token + firewall.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Troubleshooting","type":"text"}]},{"type":"ordered_list","attrs":{"order":1,"listStyle":"number"},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"openclaw doctor","type":"text","marks":[{"type":"code_inline"}]},{"text":" — config validation","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"openclaw health","type":"text","marks":[{"type":"code_inline"}]},{"text":" — gateway status","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"openclaw logs","type":"text","marks":[{"type":"code_inline"}]},{"text":" — recent logs","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"openclaw status --all","type":"text","marks":[{"type":"code_inline"}]},{"text":" — full state (secrets redacted)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"openclaw memory search \"topic\"","type":"text","marks":[{"type":"code_inline"}]},{"text":" — search agent memory","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"openclaw sessions list","type":"text","marks":[{"type":"code_inline"}]},{"text":" — view active sessions","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Check ","type":"text"},{"text":"/tmp/openclaw/openclaw-YYYY-MM-DD.log","type":"text","marks":[{"type":"code_inline"}]}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Discover & Install Skills","type":"text"}]},{"type":"paragraph","content":[{"text":"When user asks about extending OpenClaw with new skills or asks \"what skills are available\":","type":"text"}]},{"type":"ordered_list","attrs":{"order":1,"listStyle":"number"},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Official registry: https://clawhub.com","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Community curated list (1,715+ skills, 31 categories): https://github.com/VoltAgent/awesome-openclaw-skills","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Install via CLI: ","type":"text"},{"text":"npx clawhub@latest install \u003cskill-slug>","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Manual install: copy skill folder to ","type":"text"},{"text":"~/.openclaw/skills/","type":"text","marks":[{"type":"code_inline"}]},{"text":" (global) or ","type":"text"},{"text":"\u003cproject>/skills/","type":"text","marks":[{"type":"code_inline"}]},{"text":" (workspace)","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Security","type":"text","marks":[{"type":"strong"}]},{"text":": Third-party skills execute as trusted code. ","type":"text"},{"text":"Hundreds of malicious skills were discovered on ClawHub in early 2026.","type":"text","marks":[{"type":"strong"}]},{"text":" Always:","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Run ","type":"text"},{"text":"openclaw skills scan \u003cskill-path>","type":"text","marks":[{"type":"code_inline"}]},{"text":" before installing (v2026.2.6+)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Review source code, especially skills using ","type":"text"},{"text":"exec","type":"text","marks":[{"type":"code_inline"}]},{"text":", ","type":"text"},{"text":"browser","type":"text","marks":[{"type":"code_inline"}]},{"text":", or ","type":"text"},{"text":"web_fetch","type":"text","marks":[{"type":"code_inline"}]},{"text":" tools","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Pin versions and avoid auto-updating untrusted skills","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"For skills config schema (load order, per-skill env/apiKey, hot reload), see ","type":"text"},{"text":"Configuration Reference","type":"text","marks":[{"type":"link","attrs":{"href":"references/configuration.md#skills","title":null}}]},{"text":". For skill ecosystem URLs (ClawHub registry, community lists), see ","type":"text"},{"text":"Security Hardening — Skill Supply Chain","type":"text","marks":[{"type":"link","attrs":{"href":"references/security.md#skill-supply-chain-security","title":null}}]},{"text":".","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Local Inspection Scripts","type":"text"}]},{"type":"blockquote","content":[{"type":"paragraph","content":[{"text":"Prefer native CLI when available","type":"text","marks":[{"type":"strong"}]},{"text":": ","type":"text"},{"text":"openclaw security audit --deep","type":"text","marks":[{"type":"code_inline"}]},{"text":", ","type":"text"},{"text":"openclaw doctor","type":"text","marks":[{"type":"code_inline"}]},{"text":", ","type":"text"},{"text":"openclaw config get","type":"text","marks":[{"type":"code_inline"}]},{"text":" provide authoritative results. Use the scripts below only for deeper heuristic checks or when the CLI is unavailable.","type":"text"}]}]},{"type":"paragraph","content":[{"text":"Run these scripts against the local OpenClaw installation. All accept ","type":"text"},{"text":"--state-dir PATH","type":"text","marks":[{"type":"code_inline"}]},{"text":" to override ","type":"text"},{"text":"~/.openclaw","type":"text","marks":[{"type":"code_inline"}]},{"text":". Scripts use heuristic grep-based parsing of JSON5 config — results are best-effort.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Full Security Audit","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"bash scripts/security_audit.sh [--state-dir ~/.openclaw]","type":"text"}]},{"type":"paragraph","content":[{"text":"Check: version/CVE status, file permissions, hardcoded credentials, network binding, DM policies, sandbox config, tool policies, log redaction, plugins, ","type":"text"},{"text":"skill supply chain","type":"text","marks":[{"type":"strong"}]},{"text":" (exfiltration/reverse shell/obfuscation patterns), ","type":"text"},{"text":"Control UI security","type":"text","marks":[{"type":"strong"}]},{"text":" (CVE-2026-25253), ","type":"text"},{"text":"reverse proxy config","type":"text","marks":[{"type":"strong"}]},{"text":" (CVE-2026-24763), gateway process exposure, synced folder detection, session secret scanning. Maps to OWASP Agentic Top 10 and NIST CSF. Return CRITICAL/WARNING/PASS summary.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Configuration Inspector","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"bash scripts/config_inspector.sh [--section gateway|channels|agents|tools|sessions|logging|all]","type":"text"}]},{"type":"paragraph","content":[{"text":"Parse ","type":"text"},{"text":"openclaw.json","type":"text","marks":[{"type":"code_inline"}]},{"text":" and report security-relevant settings per section with colored recommendations.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Prompt & System Instruction Checker","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"bash scripts/prompt_checker.sh [--workspace PATH]","type":"text"}]},{"type":"paragraph","content":[{"text":"Scan AGENTS.md, SOUL.md, USER.md, CLAUDE.md, and other bootstrap files for: missing security guardrails, overly permissive instructions, hardcoded secrets, infrastructure exposure, prompt injection vulnerabilities, and missing identity boundaries.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Session Transcript Scanner","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"bash scripts/session_scanner.sh [--agent AGENT_ID] [--max-files 20] [--deep]","type":"text"}]},{"type":"paragraph","content":[{"text":"Scan ","type":"text"},{"text":".jsonl","type":"text","marks":[{"type":"code_inline"}]},{"text":" session files for leaked credentials (AWS keys, GitHub PATs, API keys, private keys, bot tokens, Google API keys). With ","type":"text"},{"text":"--deep","type":"text","marks":[{"type":"code_inline"}]},{"text":": also check for IP addresses, base64 blobs, file paths, and old files.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Example Output","type":"text"}]},{"type":"paragraph","content":[{"text":"security_audit.sh","type":"text","marks":[{"type":"strong"}]},{"text":" (abbreviated):","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":""},"content":[{"text":"============================================\n 1. Version & Known Vulnerabilities\n============================================\n[PASS] Version 2026.2.19 includes CVE-2026-25253/24763/25157 patches\n[PASS] Version includes skill/plugin safety scanner (v2026.2.6+)\n...\n============================================\n Audit Summary\n============================================\n 0 CRITICAL\n 2 Warnings\n 3 Informational\n 8 Passed","type":"text"}]},{"type":"paragraph","content":[{"text":"config_inspector.sh","type":"text","marks":[{"type":"strong"}]},{"text":" (abbreviated):","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":""},"content":[{"text":"=== Gateway Configuration ===\n Mode: local (default)\n Bind: loopback (default)\n Port: 18789 (default)\n ✓ Loopback bind (secure default)","type":"text"}]},{"type":"paragraph","content":[{"text":"session_scanner.sh","type":"text","marks":[{"type":"strong"}]},{"text":" (abbreviated):","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":""},"content":[{"text":"Found 5 session file(s) to scan (max: 20)\n--- agents/main/sessions/2026-02-10.jsonl (1.2M) ---\n[CRITICAL] AWS Access Key: 1 match(es)\n=== Summary ===\n 1 file(s) contain potential secrets (1 total matches)","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Script Prerequisites & Error Handling","type":"text"}]},{"type":"paragraph","content":[{"text":"All scripts require ","type":"text"},{"text":"bash","type":"text","marks":[{"type":"code_inline"}]},{"text":" and standard Unix utilities (","type":"text"},{"text":"grep","type":"text","marks":[{"type":"code_inline"}]},{"text":", ","type":"text"},{"text":"awk","type":"text","marks":[{"type":"code_inline"}]},{"text":", ","type":"text"},{"text":"wc","type":"text","marks":[{"type":"code_inline"}]},{"text":", ","type":"text"},{"text":"stat","type":"text","marks":[{"type":"code_inline"}]},{"text":"). If a script fails:","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"~/.openclaw","type":"text","marks":[{"type":"code_inline"},{"type":"strong"}]},{"text":" not found","type":"text","marks":[{"type":"strong"}]},{"text":": Pass ","type":"text"},{"text":"--state-dir PATH","type":"text","marks":[{"type":"code_inline"}]},{"text":" to point to the actual OpenClaw home, or set ","type":"text"},{"text":"OPENCLAW_HOME","type":"text","marks":[{"type":"code_inline"}]},{"text":".","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"jq","type":"text","marks":[{"type":"code_inline"},{"type":"strong"}]},{"text":" not installed","type":"text","marks":[{"type":"strong"}]},{"text":": ","type":"text"},{"text":"config_inspector.sh","type":"text","marks":[{"type":"code_inline"}]},{"text":" uses heuristic grep-based parsing and does NOT require ","type":"text"},{"text":"jq","type":"text","marks":[{"type":"code_inline"}]},{"text":". Other scripts also avoid ","type":"text"},{"text":"jq","type":"text","marks":[{"type":"code_inline"}]},{"text":".","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Permission denied","type":"text","marks":[{"type":"strong"}]},{"text":": Scripts only read files — ensure the current user has read access to ","type":"text"},{"text":"~/.openclaw/","type":"text","marks":[{"type":"code_inline"}]},{"text":". Do not run as root.","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"No session files found","type":"text","marks":[{"type":"strong"}]},{"text":": ","type":"text"},{"text":"session_scanner.sh","type":"text","marks":[{"type":"code_inline"}]},{"text":" looks in ","type":"text"},{"text":"agents/*/sessions/*.jsonl","type":"text","marks":[{"type":"code_inline"}]},{"text":". If sessions are stored elsewhere, pass ","type":"text"},{"text":"--state-dir","type":"text","marks":[{"type":"code_inline"}]},{"text":".","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Empty or missing ","type":"text","marks":[{"type":"strong"}]},{"text":"openclaw.json","type":"text","marks":[{"type":"code_inline"},{"type":"strong"}]},{"text":": Scripts will report warnings for missing keys but will not crash. A missing config file is treated as \"all defaults.\"","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"When to Run Scripts","type":"text"}]},{"type":"table","attrs":{"layout":null},"content":[{"type":"tr","content":[{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"User Request","type":"text"}]}]},{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Script","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"\"Check my OpenClaw security\"","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"security_audit.sh","type":"text","marks":[{"type":"code_inline"}]}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"\"Is my config safe?\"","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"config_inspector.sh","type":"text","marks":[{"type":"code_inline"}]}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"\"Review my agent prompts\"","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"prompt_checker.sh","type":"text","marks":[{"type":"code_inline"}]}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"\"Are there leaked secrets?\"","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"session_scanner.sh --deep","type":"text","marks":[{"type":"code_inline"}]}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"\"Full security review\"","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Run all four in sequence","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"\"Check for malicious skills\"","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"security_audit.sh","type":"text","marks":[{"type":"code_inline"}]},{"text":" (section 9) + ","type":"text"},{"text":"openclaw skills scan","type":"text","marks":[{"type":"code_inline"}]}]}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Reference Files","type":"text"}]},{"type":"paragraph","content":[{"text":"Read these as needed based on the user's task:","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Security Hardening","type":"text","marks":[{"type":"link","attrs":{"href":"references/security.md","title":null}},{"type":"strong"}]},{"text":" — Known CVEs, OWASP Agentic Top 10 mapping, NIST CSF alignment, skill supply chain security, allowlists, sandbox, tool policies, credential management, audit checklist, incident response, prompt injection defense. ","type":"text"},{"text":"Read this for ANY security-related question or before recommending config changes.","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Quick lookup: ","type":"text"},{"text":"grep -n \"CVE\\|sandbox\\|dmPolicy\\|tool.polic\\|prompt.inject\\|incident\" references/security.md","type":"text","marks":[{"type":"code_inline"}]}]}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Configuration Reference","type":"text","marks":[{"type":"link","attrs":{"href":"references/configuration.md","title":null}},{"type":"strong"}]},{"text":" — All config keys, environment variables, channel setup (WhatsApp/Telegram/Discord/Slack/iMessage/Signal/BlueBubbles/etc.), session management, model providers, tools, logging, OPENCLAW_HOME.","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Quick lookup: ","type":"text"},{"text":"grep -n \"whatsapp\\|telegram\\|discord\\|slack\\|imessage\\|signal\\|bind\\|sandbox\\|dmPolic\\|session\" references/configuration.md","type":"text","marks":[{"type":"code_inline"}]}]}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Cloud Deployment","type":"text","marks":[{"type":"link","attrs":{"href":"references/cloud-deployment.md","title":null}},{"type":"strong"}]},{"text":" — Docker, GCP, AWS Bedrock, Fly.io, Railway, Render, Hetzner, Northflank, Nix, Ansible, macOS VM. Network architecture, IAM, volumes, remote access via Tailscale/SSH.","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Multi-Agent & Routing","type":"text","marks":[{"type":"link","attrs":{"href":"references/multi-agent.md","title":null}},{"type":"strong"}]},{"text":" — Agent isolation, routing rules, per-agent sandbox/tools, bindings, session scoping, subagents, heartbeat, agent-to-agent communication.","type":"text"}]}]}]},{"type":"hr","attrs":{"markup":"---"}}]},"metadata":{"date":"2026-06-05","name":"clawpilot","author":"@skillopedia","source":{"stars":44,"repo_name":"clawpilot","origin_url":"https://github.com/kcchien/clawpilot/blob/HEAD/SKILL.md","repo_owner":"kcchien","body_sha256":"5a46ee5a5e90daa15870416277b69e43c5c00297e3a213600a28a010f33c540e","cluster_key":"e3c810210696aec87008b17945f303a6b6c7dcec18987f4a685c2e788daa43f4","clean_bundle":{"format":"clean-skill-bundle-v1","source":"kcchien/clawpilot/SKILL.md","attachments":[{"id":"5c3013f2-d1ce-507b-aae6-0c1be4e79d9d","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/5c3013f2-d1ce-507b-aae6-0c1be4e79d9d/attachment","path":".gitignore","size":70,"sha256":"8d33ca064a4d008aa4590761b9a400def021d7ad8f5a8d7ece80d7adaf49d635","contentType":"text/plain; charset=utf-8"},{"id":"ab4dd212-c03e-5dd6-a3ba-cd0fa0940720","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/ab4dd212-c03e-5dd6-a3ba-cd0fa0940720/attachment.md","path":"README.md","size":9154,"sha256":"7499144b05ce7c2e75b7b685df7e81818fcb66fd35d03a4baff44cefd59913ce","contentType":"text/markdown; charset=utf-8"},{"id":"d159d308-97cc-5bed-9adb-7e64c6b43692","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/d159d308-97cc-5bed-9adb-7e64c6b43692/attachment.yaml","path":"agents/openai.yaml","size":128,"sha256":"098ebd583b37612fa9809a97bb74372e18e8dc11a7b7af2dfbf1ca2843ef2979","contentType":"application/yaml; charset=utf-8"},{"id":"24ed673d-3f56-5f7f-ae98-0e04238129b7","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/24ed673d-3f56-5f7f-ae98-0e04238129b7/attachment.jpg","path":"assets/hero.jpg","size":360089,"sha256":"d958ea1470bbf8866757cedf211f3cba6ab201b91764ae968e4081b1a436fb84","contentType":"image/jpeg"},{"id":"d1765243-7a6d-53a2-a810-612959a129d4","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/d1765243-7a6d-53a2-a810-612959a129d4/attachment.svg","path":"assets/hero.svg","size":10891,"sha256":"70e4576c7c7ad20dc4ccc5ebf9572eab252cc67215a39d2e03390a8f712388df","contentType":"image/svg+xml"},{"id":"4502c45f-d4de-5387-8bf3-28d1374c5661","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/4502c45f-d4de-5387-8bf3-28d1374c5661/attachment.md","path":"references/cloud-deployment.md","size":7049,"sha256":"4ba2f400d6137f25d45da653330ad0e9a2762dd469aec7875d6c34cde8c5a969","contentType":"text/markdown; charset=utf-8"},{"id":"c370644d-dfbe-59f9-bde5-6cf9953bd6e6","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/c370644d-dfbe-59f9-bde5-6cf9953bd6e6/attachment.md","path":"references/configuration.md","size":16435,"sha256":"e03c77c3dbff928b13217ef4bcb539d8a54b227284504e2df3194e65759c1453","contentType":"text/markdown; charset=utf-8"},{"id":"36b978bc-c63f-5577-ac07-8ac5a12b9d86","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/36b978bc-c63f-5577-ac07-8ac5a12b9d86/attachment.md","path":"references/multi-agent.md","size":7327,"sha256":"cbb8e885e7c43676551ef11db86fff296e461043b6e4362daed01fb75ec3f565","contentType":"text/markdown; charset=utf-8"},{"id":"e8bb895e-694f-591f-b1d6-5ae514573334","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/e8bb895e-694f-591f-b1d6-5ae514573334/attachment.md","path":"references/security.md","size":19717,"sha256":"0054b572558e1a86fd60cc58043d8143eeb33673b66d9753c969553d8134ebe5","contentType":"text/markdown; charset=utf-8"},{"id":"143015c6-7660-5090-9738-57c7c99166e2","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/143015c6-7660-5090-9738-57c7c99166e2/attachment.sh","path":"scripts/check_updates.sh","size":1770,"sha256":"5054139ccbff185862944d12543dbbc4d2a0eca42a5fdffc5be3b1bd6aba49ae","contentType":"application/x-sh; charset=utf-8"},{"id":"20be4400-fc2a-59ce-9c8f-68c02858c3de","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/20be4400-fc2a-59ce-9c8f-68c02858c3de/attachment.sh","path":"scripts/config_inspector.sh","size":10741,"sha256":"0b81eee7ea58c9a61c53fbfa7ee509cf0320580d917412f72ac024a6629737fd","contentType":"application/x-sh; charset=utf-8"},{"id":"5f2897c7-243f-5835-87fa-ea86c3e9a085","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/5f2897c7-243f-5835-87fa-ea86c3e9a085/attachment.sh","path":"scripts/mark_updated.sh","size":525,"sha256":"b34d4a987a83ec19cd1237cb56a3684db4fc40dbe3c6e015f280d9e9a8bb9728","contentType":"application/x-sh; charset=utf-8"},{"id":"dc200827-5897-5d5d-ae62-b037994b9438","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/dc200827-5897-5d5d-ae62-b037994b9438/attachment.sh","path":"scripts/prompt_checker.sh","size":6896,"sha256":"1ff84ce093c5f7782194349ee249bda3993920f6681297c8f2308b8e17952b6f","contentType":"application/x-sh; charset=utf-8"},{"id":"f8c7c9cc-ae45-540e-af79-1f7075b5ec34","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/f8c7c9cc-ae45-540e-af79-1f7075b5ec34/attachment.sh","path":"scripts/security_audit.sh","size":20015,"sha256":"a93c263bae033c3db316b3fcca105a51059ffa3727b3bc3a1b069623465dbae7","contentType":"application/x-sh; charset=utf-8"},{"id":"e9cfa7a8-6b75-5393-9acc-bd9a26a080e9","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/e9cfa7a8-6b75-5393-9acc-bd9a26a080e9/attachment.sh","path":"scripts/session_scanner.sh","size":6448,"sha256":"ff88ec58adb35824c661bb195850fee28daab196cd20f065805aa4f0e1449fdc","contentType":"application/x-sh; charset=utf-8"}],"bundle_sha256":"86abc4f0a5e27b2131464dfefd9292ae6bf151d9f4c350436eddb882770aa838","attachment_count":15,"text_attachments":8,"attachment_storage":"skillopedia-attachments-v1","binary_attachments":7,"excluded_attachments":[]},"cluster_size":1,"skill_md_path":"SKILL.md","import_metadata":{"date":"2026-06-05","author":"@skillopedia","version":"v1","category":"security","category_label":"Security"},"exact_dupes_collapsed_into_this":0},"version":"v1","category":"security","import_tag":"clean-skills-v1","description":"Expert skill for OpenClaw (v2026.2.19) — self-hosted AI gateway connecting chat apps (WhatsApp, Telegram, Discord, Slack, iMessage, Signal, LINE, Matrix, Teams, Google Chat) to AI agents. Use when user asks about: installing/configuring/updating OpenClaw, setting up or troubleshooting chat channels, security hardening and auditing, inspecting openclaw.json config or prompts (SOUL.md/AGENTS.md), multi-agent routing and session management, cloud deployment (AWS/GCP/Fly.io/Docker), upgrading versions, or discovering ClawHub skills. Includes bundled scripts for security audit, config inspection, and session scanning. Triggers on: \"openclaw\", \"openclaw.json\", \"~/.openclaw\", gateway config. Not for: general chatbot frameworks, non-OpenClaw gateways, or unrelated Docker questions.\n"}},"renderedAt":1782979993041}

OpenClaw Expert Skill Auto-Update Check (Run First) Before any other action , run the staleness check: - If : Proceed normally. - If : The skill references may be outdated. Before proceeding with the user's task: 1. Fetch the latest 3-5 releases from https://github.com/openclaw/openclaw/releases 2. Fetch https://docs.openclaw.ai/llms.txt for doc changes 3. Search web for recent OpenClaw CVEs or security advisories 4. Compare findings against the version in SKILL.md frontmatter and 5. Inform the user of any version gaps or new security issues found 6. If references were updated, run: 7. If no…