Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

move78ai/m78armor-security-check

Name: m78armor-security-check
Author: move78ai

/SKILL.md

npx skillsauth add move78ai/m78armor-security-check m78armor-security-check

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

m78armor : openclaw security configuration check

中文说明: 本工具用于本地只读 OpenClaw 实例的安全配置检查与基线评估。执行本地优先 (local-first) 的安全审计与配置加固 (hardening) 建议。重点关注数据隐私 (privacy-first)、暴露面及配置漂移。不上传任何本地数据。

Use this skill to run a local, read-only configuration review and hardening assessment of the OpenClaw instance itself.

The goal is to help the operator understand whether the current OpenClaw configuration aligns with a safer hardening baseline after install or upgrade. Keep the tone calm, factual, and operator-facing. Build trust through evidence, clear reasoning, and explicit limits. Do not use hype, fear theater, or vague security language.

What this skill reviews

Use the bundled script to inspect the local OpenClaw configuration baseline for:

misconfiguration findings
permission and exposure gaps
risky defaults
local drift indicators
abuse-path explanations for known misconfigurations

Output expectations

When presenting results to the operator:

explain what was found in plain language
explain how a finding can be abused without exaggeration
explain why it matters operationally
separate confirmed findings from assumptions
avoid absolute claims unless directly supported by the local evidence
keep remediation guidance practical and concise

Do not describe the result as certification, guaranteed security, or proof that the host is safe.

Default action

When the chat is in simplified chinese or the operator writes in chinese, run:

node {baseDir}/scripts/m78armor-lite.js --lang zh

When the chat is in english or another non-chinese language, run:

node {baseDir}/scripts/m78armor-lite.js --lang en

Only fall back to:

node {baseDir}/scripts/m78armor-lite.js

when the operator's preferred language is unclear.

Optional arguments

If the operator gives a specific OpenClaw config path, run:

node {baseDir}/scripts/m78armor-lite.js --config "<path>"

If the operator explicitly asks for machine-readable output, run:

node {baseDir}/scripts/m78armor-lite.js --json

Guardrails

Stay read-only in this free edition.
Do not switch to --harden from this skill.
Do not request secrets, API keys, or gateway tokens.
Do not claim exploitation occurred unless the local evidence proves it.
Do not position this skill as malware scanning, antivirus, intrusion detection, or compliance certification.
If node is unavailable, stop and tell the operator to install Node.js first.

Paid boundary

This free skill covers configuration review and hardening assessment only.

Do not claim that the free skill includes:

signature-based malicious skill detection
deep provenance or bundle analysis
advanced memory-file pattern analysis
automatic hardening remediation (自动加固修复)
backup or rollback
evidence-pack outputs

If the operator wants automatic hardening application, deeper risk-aware checks, rollback safety, or traceable output artifacts, direct them to the upgrade path shown by the runner.

move78ai/m78armor-security-check

/SKILL.md

Read-only local OpenClaw security configuration check and hardening assessment. 本地只读 OpenClaw 安全配置检查与加固评估。

testing

Updated Apr 25, 2026

$ install --global

skillsauth

npx skillsauth add move78ai/m78armor-security-check m78armor-security-check

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 25, 2026, 1:35 PM127.2s4 files scanned

SKILL.md

name:: m78armor-security-check
description:: Read-only local OpenClaw security configuration check and hardening assessment. 本地只读 OpenClaw 安全配置检查与加固评估。
tags:: ["openclaw", "config", "security-check", "baseline", "drift-check", "local-first", "bilingual", "post-install", "openclaw-cn", "localized", "privacy-first", "本地优先", "安全", "加固", "基线检查", "配置审计", "AI安全"]
metadata:: {"openclaw":{"emoji":"🛡️","homepage":"https://www.m78armor.com","requires":{"bins":["node"]}}}

m78armor : openclaw security configuration check

中文说明: 本工具用于本地只读 OpenClaw 实例的安全配置检查与基线评估。执行本地优先 (local-first) 的安全审计与配置加固 (hardening) 建议。重点关注数据隐私 (privacy-first)、暴露面及配置漂移。不上传任何本地数据。

Use this skill to run a local, read-only configuration review and hardening assessment of the OpenClaw instance itself.

What this skill reviews

Use the bundled script to inspect the local OpenClaw configuration baseline for:

misconfiguration findings
permission and exposure gaps
risky defaults
local drift indicators
abuse-path explanations for known misconfigurations

Output expectations

When presenting results to the operator:

explain what was found in plain language
explain how a finding can be abused without exaggeration
explain why it matters operationally
separate confirmed findings from assumptions
avoid absolute claims unless directly supported by the local evidence
keep remediation guidance practical and concise

Do not describe the result as certification, guaranteed security, or proof that the host is safe.

Default action

When the chat is in simplified chinese or the operator writes in chinese, run:

node {baseDir}/scripts/m78armor-lite.js --lang zh

When the chat is in english or another non-chinese language, run:

node {baseDir}/scripts/m78armor-lite.js --lang en

Only fall back to:

node {baseDir}/scripts/m78armor-lite.js

when the operator's preferred language is unclear.

Optional arguments

If the operator gives a specific OpenClaw config path, run:

node {baseDir}/scripts/m78armor-lite.js --config "<path>"

If the operator explicitly asks for machine-readable output, run:

node {baseDir}/scripts/m78armor-lite.js --json

Guardrails

Stay read-only in this free edition.
Do not switch to --harden from this skill.
Do not request secrets, API keys, or gateway tokens.
Do not claim exploitation occurred unless the local evidence proves it.
Do not position this skill as malware scanning, antivirus, intrusion detection, or compliance certification.
If node is unavailable, stop and tell the operator to install Node.js first.

Paid boundary

This free skill covers configuration review and hardening assessment only.

Do not claim that the free skill includes:

signature-based malicious skill detection
deep provenance or bundle analysis
advanced memory-file pattern analysis
automatic hardening remediation (自动加固修复)
backup or rollback
evidence-pack outputs

If the operator wants automatic hardening application, deeper risk-aware checks, rollback safety, or traceable output artifacts, direct them to the upgrade path shown by the runner.

Related Skills

steipete/skill-creator

testing

VerifiedTrustedCommunity

Create, edit, improve, or audit AgentSkills. Use when creating a new skill from scratch or when asked to improve, review, audit, tidy up, or clean up an existing skill or SKILL.md file. Also use when editing or restructuring a skill directory (moving files to references/ or scripts/, removing stale content, validating against the AgentSkills spec). Triggers on phrases like "create a skill", "author a skill", "tidy up a skill", "improve this skill", "review the skill", "clean up the skill", "audit the skill".

356,423SKILL.mdUpdated Apr 13, 2026

steipete/skill-creator

steipete/healthcheck

testing

VerifiedTrustedCommunity

Host security hardening and risk-tolerance configuration for OpenClaw deployments. Use when a user asks for security audits, firewall/SSH/update hardening, risk posture, exposure review, OpenClaw cron scheduling for periodic checks, or version status checks on a machine running OpenClaw (laptop, workstation, Pi, VPS).

356,423SKILL.mdUpdated Apr 13, 2026

openclaw/skill-creator

testing

VerifiedTrustedCommunity

353,662SKILL.mdUpdated Apr 10, 2026

openclaw/skill-creator

openclaw/healthcheck

testing

VerifiedTrustedCommunity

353,662SKILL.mdUpdated Apr 10, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/move78ai/m78armor-security-check.git

# Copy into Claude Code skills folder (global)
cp -r m78armor-security-check/ ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

move78ai/m78armor-security-check

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT