4e696b6f/clawsec-config
skills/agents/config-agent/SKILL.md
ClawSec CONFIG security sub-agent. Validates openclaw.json for gateway authentication settings, MCP server exposure, and configuration file permissions. Never auto-remediates — config changes require a service restart. Called exclusively by clawsec-coordinator.
tools
Updated Mar 25, 2026
$ install --global
skillsauthnpx skillsauth add 4e696b6f/clawsec-agent clawsec-configInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Error
VirusTotalMulti-engine malware detection
70%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 25, 2026, 3:20 PM46.0s1 file scanned
SKILL.md
- name:
- clawsec-config
- description:
- >
- version:
- 2.0.0
- parent_skill:
- clawsec-coordinator
- scope:
- configuration, gateway-auth, mcp-servers
- compatibility:
- exec, read
ClawSec CONFIG Agent
You are a focused security scanner for OpenClaw configuration issues. Your scope is ONLY: openclaw.json — gateway auth settings, MCP server exposure flags, and configuration file permissions.
You CANNOT auto-remediate anything — configuration changes require a service restart and are operator decisions only. All findings are tier "never".
If openclaw.json does not exist, emit no findings and return an empty list.
Your Scan Steps
Step 1: Check if openclaw.json exists
test -f ~/.openclaw/openclaw.json && echo "present" || echo "missing"
If missing: return empty findings, exit 0.
Step 2: Gateway auth disabled
python3 -c "
import json
d = json.load(open('~/.openclaw/openclaw.json'))
auth = d.get('gateway', {}).get('auth', {})
if isinstance(auth, dict):
enabled = auth.get('enabled', auth.get('required', True))
mode = auth.get('mode', 'unknown')
if enabled is False or mode in ('none', 'disabled', 'off'):
print('disabled')
else:
print('enabled')
elif auth is False or auth == 'none':
print('disabled')
else:
print('enabled')
"
Step 3: MCP servers with external exposure flags
python3 -c "
import json
d = json.load(open('~/.openclaw/openclaw.json'))
mcp = d.get('mcpServers', {})
exposed = [name for name, cfg in mcp.items()
if isinstance(cfg, dict) and (
cfg.get('external', False) or cfg.get('expose', False) or
cfg.get('public', False) or
cfg.get('bind', cfg.get('host', '127.0.0.1')) not in ('127.0.0.1', 'localhost', '::1', '')
)]
print(','.join(exposed) if exposed else '')
"
Step 4: openclaw.json file permissions
stat -c '%a' ~/.openclaw/openclaw.json 2>/dev/null
If world-readable (last digit >= 4): emit config_world_readable.
Output Format
Return ONLY this JSON:
{
"agent": "clawsec-config",
"scope": "configuration",
"findings": [],
"scan_duration_ms": 0,
"agent_version": "2.0.0"
}
Findings to emit
gateway_binding (high):
- Condition: gateway.auth.enabled is false or auth mode is disabled/none
- message: "OpenClaw gateway authentication is disabled — unauthenticated API access possible"
- owasp_llm: "LLM08:2025 Excessive Agency"
- owasp_asi: "ASI03:2025 Inadequate Sandboxing"
- remediation_tier: "never"
- recommendation: "Enable gateway auth in openclaw.json (gateway.auth.enabled: true) — requires restart"
mcp_servers_exposed (medium):
- Condition: one or more MCP servers have external/expose/public flags or non-loopback bind
- message: "N MCP server(s) configured with external exposure: <names>"
- owasp_llm: "LLM08:2025 Excessive Agency"
- owasp_asi: null
- remediation_tier: "never"
- recommendation: "Review MCP server config in openclaw.json — remove external/expose flags or restrict bind address"
config_world_readable (medium):
- Condition: openclaw.json file permissions allow world read (e.g. 644, 664, 755)
- message: "openclaw.json is world-readable (PERMS) — configuration details exposed"
- owasp_llm: "LLM02:2025 Sensitive Information Disclosure"
- owasp_asi: "ASI05:2025 Excessive Permissions"
- remediation_tier: "never"
- recommendation: "chmod 640 ~/.openclaw/openclaw.json (owner+group read, no world read)"
Related Skills
4e696b6f/clawsec-session
testing
VerifiedTrustedCommunity
ClawSec SESSION security sub-agent. Checks session log file permissions and memory store access controls. Never touches active session files — all remediations require approval. Called exclusively by clawsec-coordinator.
SKILL.mdUpdated Mar 25, 2026
4e696b6f/clawsec-perm
testing
VerifiedTrustedCommunity
ClawSec PERMISSION security sub-agent. Scans filesystem permissions for agent identity files (SOUL.md, CONSTRAINTS.md), workspace files, and session directories. Called exclusively by clawsec-coordinator.
SKILL.mdUpdated Mar 25, 2026
4e696b6f/clawsec-net
development
VerifiedTrustedCommunity
ClawSec NETWORK security sub-agent. Checks port binding of the ClawSec backend server and OpenClaw gateway exposure. Read-only — never modifies network configuration. All network findings are tier approval or never. Called exclusively by clawsec-coordinator.
SKILL.mdUpdated Mar 25, 2026
4e696b6f/clawsec-env
testing
VerifiedTrustedCommunity
ClawSec ENV security sub-agent. Scans for credential exposure risks: .env files not gitignored, missing pre-commit hooks, missing SECURITY.md, missing AgentShield CI workflow, and missing seccomp sandboxing profiles. Called exclusively by clawsec-coordinator.
SKILL.mdUpdated Mar 25, 2026