
healthcheck

Audit/harden OpenClaw hosts: SSH, firewall, updates, exposure, backups, disk encryption, gateway security.

Compatible platforms: Claude Code, Codex CLI, Cursor
npx add-skill https://github.com/clawdbot/clawdbot/tree/main/skills/healthcheck

OpenClaw host healthcheck

Goal: assess host risk, run read-only checks, then propose staged hardening without breaking access.

Rules

  • Ask before state-changing actions.
  • Do not change SSH/firewall/remote access until access path is confirmed.
  • Prefer reversible steps and rollback notes.
  • Never claim OpenClaw manages OS firewall, SSH, or updates.
  • If identity/role unknown, recommend only.
  • User choices: numbered list.
  • Never print secrets.

Context to infer first

  • OS/version, container vs host.
  • Privilege level.
  • Access path: local, SSH, RDP, tailnet.
  • Network exposure: public IP, reverse proxy, tunnel, LAN only.
  • OpenClaw gateway status, bind, auth.
  • Backup status.
  • Disk encryption.
  • Automatic security updates.
  • Usage mode: personal workstation, local assistant box, remote server, other.

Ask only for missing facts. Simple phrasing preferred.

Read-only checks

Ask once for permission to run read-only checks. Then run relevant commands.

Common:

openclaw security audit --deep
openclaw gateway status --deep
openclaw doctor

macOS:

sw_vers
lsof -nP -iTCP -sTCP:LISTEN
/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate
pfctl -s info
tmutil status
fdesetup status
softwareupdate --schedule

Linux:

cat /etc/os-release
ss -ltnup || ss -ltnp
ufw status || firewall-cmd --state || nft list ruleset
systemctl status ssh sshd
lsblk -f

Windows:

systeminfo
Get-NetFirewallProfile
Get-BitLockerVolume
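
An added example (not part of the skill or the OpenClaw project): a read-only parser that sorts the listeners reported by the Linux `ss -ltn` / `ss -ltnup` check into bind scopes, so the network-exposure and gateway-bind questions can be answered with evidence. The sample output, its port numbers, and the function names are constructed; treating 100.64.0.0/10 as the tailnet range is an assumption.

```shell
#!/bin/sh
# Added example: sort `ss -ltn` / `ss -ltnup` listeners by bind scope.
# Read-only: parses text on stdin and changes nothing on the host.

classify_listeners() {
  awk '
    $1 == "State" || $1 == "Netid" { next }   # header row
    {
      # With -u, ss prepends a Netid column, so the local address moves to field 5.
      local_addr = ($1 ~ /^(tcp|udp)/) ? $5 : $4
      if (!match(local_addr, /:[0-9]+$/)) next
      host = substr(local_addr, 1, RSTART - 1)
      port = substr(local_addr, RSTART + 1)
      gsub(/^\[|\]$/, "", host)   # [::] -> ::
      sub(/%.*$/, "", host)       # 127.0.0.53%lo -> 127.0.0.53
      split(host, o, "."); a = o[1] + 0; b = o[2] + 0
      # Assumption: tailnet addresses fall in 100.64.0.0/10 (CGNAT range).
      if (host == "0.0.0.0" || host == "*" || host == "::") scope = "all-interfaces"
      else if (host ~ /^127\./ || host == "::1") scope = "loopback"
      else if (a == 100 && b >= 64 && b <= 127) scope = "tailnet-range"
      else if (a == 10 || (a == 192 && b == 168) || (a == 172 && b >= 16 && b <= 31)) scope = "lan"
      else scope = "other"   # specific non-private address, including other IPv6
      print scope, port, host
    }'
}

# Binds that rely on a firewall, not the bind address, to limit reach: review first.
review_candidates() {
  classify_listeners | awk '$1 == "all-interfaces" || $1 == "other"'
}

# Constructed sample of `ss -ltnup` output (not captured from a real host).
sample_ss_output() {
  cat <<'EOF'
Netid State  Recv-Q Send-Q   Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128            0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511          127.0.0.1:18080      0.0.0.0:*
tcp   LISTEN 0      4096     127.0.0.53%lo:53         0.0.0.0:*
tcp   LISTEN 0      4096   100.101.102.103:8443       0.0.0.0:*
tcp   LISTEN 0      4096      192.168.1.20:8080       0.0.0.0:*
tcp   LISTEN 0      128               [::]:22            [::]:*
EOF
}

sample_ss_output | classify_listeners
```

On a host, pipe the real check into it: `ss -ltn | classify_listeners`.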

Risk profile

After context is known, ask desired posture:

  1. Convenience: local/private, minimal prompts.
  2. Balanced: secure defaults, low friction.
  3. Strict: remote/public/sensitive data, more lock-down.

Report shape

  • Current posture: one paragraph.
  • Findings: severity + evidence + why it matters.
  • Recommended plan: staged, reversible.
  • Commands: read-only first; write actions only after approval.
  • Gaps: what could not be checked.

Hardening menu

Offer only relevant items:

  • Bind gateway to loopback/LAN/tailnet intentionally.
  • Require auth for remote access.
  • Close public ports or restrict by firewall.
  • Enable OS security updates.
  • Enable disk encryption.
  • Verify backups and restore path.
  • Disable password SSH or require keys/MFA where appropriate.
  • Add scheduled openclaw security audit --deep.

Confirm exact action before applying.

Individual skills in this repo

This repo contains 20 individual skills — each has its own dedicated page.

1password

Set up and use 1Password CLI for sign-in, desktop integration, and reading or injecting secrets.

acp-router

Route plain-language requests for Claude Code, Cursor, Copilot, OpenClaw ACP, OpenCode, Gemini CLI, Qwen, Kiro, Kimi, iFlow, Factory Droid, Kilocode, or explicit ACP harness work into either OpenClaw ACP runtime sessions or direct acpx-driven sessions ("telephone game" flow). For coding-agent thread requests, read this skill first, then use only `sessions_spawn` for thread creation. Codex chat binding defaults to the native Codex app-server plugin unless ACP is explicit or background spawn needs ACP.

agent-transcript

Add a redacted agent transcript section to GitHub PR or issue bodies during OpenClaw agent-created PR/issue workflows.

apple-notes

Create, view, edit, delete, search, move, or export Apple Notes via the memo CLI on macOS.

apple-reminders

List, add, edit, complete, or delete Apple Reminders and reminder lists via remindctl.

autoreview

Auto Review closeout. Codex review is the default when no engine is set and is the recommended reviewer.

bear-notes

Create, search, and manage Bear notes via grizzly CLI.

blacksmith-testbox

Run Blacksmith Testbox for CI-parity checks, secrets, hosted services, migrations, or builds local cannot reproduce.

blogwatcher

Monitor blogs and RSS/Atom feeds for updates using the blogwatcher CLI.

blucli

BluOS CLI (blu) for discovery, playback, grouping, and volume.

bluebubbles

Send and manage iMessages via BlueBubbles, including attachments, tapbacks, edits, replies, and groups.

browser-automation

Use when controlling web pages with the OpenClaw browser tool, especially multi-step flows, login checks, tab management, or recovery from stale refs/timeouts.

camsnap

Capture frames or clips from RTSP/ONVIF cameras.

canvas

Present HTML on connected OpenClaw node canvases, navigate/eval/snapshot, and debug canvas host URLs.

channel-message-flows

Use when previewing local channel message flow fixtures.

clawdtributor

Use for OpenClaw clawtributors PR/issue triage: Discrawl discovery, live-open rechecks, deep review, topic grouping, and compact @handle/LOC/type/blast/verification summaries.

clawhub

Search, install, update, sync, or publish agent skills with the ClawHub CLI and registry.

clawsweeper

Use for all ClawSweeper work: OpenClaw issue/PR sweep reports, commit-review reports, repair jobs, cloud fix PRs, @clawsweeper maintainer mention commands, trusted ClawSweeper-reviewed autofix/automerge, GitHub Actions monitoring, permissions, gates, and manual backfills.

clownfish-cloud-pr

Use when launching Clownfish in GitHub Actions to create or update one guarded GitHub implementation PR from issue/PR refs, a ClawSweeper report, a custom maintainer prompt, or to opt an existing Clownfish PR into ClawSweeper-reviewed cloud automerge.

codex-review

Codex code review closeout: local dirty changes, PR branch vs main, parallel tests.
