// Automated daily security audits for OpenClaw agents with DM delivery and optional email reporting. Runs deep audits, creates or updates a recurring cron job, and sends formatted reports to configured recipients.
Security advisory feed package for OpenClaw-related threats and vulnerabilities. The upstream feed is updated daily; local automation is handled by clawsec-suite or the operator.
Use when checking for security vulnerabilities in NanoClaw skills, before installing new skills, or when asked about security advisories affecting the bot
ClawSec suite manager with embedded advisory-feed monitoring, cryptographic signature verification, approval-gated malicious-skill response, and guided setup for additional security skills.
Hermes-only runtime security attestation and drift detection skill for operator-managed Hermes infrastructure.
Picoclaw security posture skill with advisory awareness, configuration drift detection, and supply-chain verification guidance.
Release automation for Claw skills and website. Guides through version bumping, tagging, and release verification.
| name | openclaw-audit-watchdog |
| version | 0.1.6 |
| description | Automated daily security audits for OpenClaw agents with DM delivery and optional email reporting. Runs deep audits, creates or updates a recurring cron job, and sends formatted reports to configured recipients. |
| homepage | https://clawsec.prompt.security |
| metadata | {"openclaw":{"emoji":"🔭","category":"security","requires":{"bins":["bash","openclaw","node"],"env":["PROMPTSEC_DM_CHANNEL","PROMPTSEC_DM_TO"]},"envVars":[{"name":"PROMPTSEC_DM_CHANNEL","required":true,"description":"Delivery channel for cron output."},{"name":"PROMPTSEC_DM_TO","required":true,"description":"Delivery recipient id/handle."},{"name":"PROMPTSEC_EMAIL_TO","required":false,"description":"Optional email copy destination."}]}} |
| clawdis | {"emoji":"🔭","requires":{"bins":["bash","openclaw","node"],"env":["PROMPTSEC_DM_CHANNEL","PROMPTSEC_DM_TO"]}} |
You can get openclaw-audit-watchdog in two ways:
If you've installed clawsec-suite, you may already have this!
Openclaw-audit-watchdog is bundled alongside ClawSec Suite to provide crucial automated security audit capabilities. When you install the suite, if you don't already have the audit watchdog installed, it will be deployed from the bundled copy.
Advantages:
~/.openclaw/skills/openclaw-audit-watchdog/Install openclaw-audit-watchdog independently without the full suite.
When to use standalone:
Advantages:
Standalone installation usually involves a network download from the published GitHub release. Verify the release source and archive integrity before installing it on production hosts.
Continue below for standalone installation instructions.
For standalone installs, verify the signed release manifest before trusting SKILL.md, skill.json, or the archive. The skill.json file is the package metadata/SBOM source, and the release pipeline signs checksums.json with the ClawSec release key.
set -euo pipefail
SKILL_NAME="openclaw-audit-watchdog"
VERSION="0.1.6"
REPO="prompt-security/clawsec"
TAG="${SKILL_NAME}-v${VERSION}"
BASE="https://github.com/${REPO}/releases/download/${TAG}"
ZIP_NAME="${SKILL_NAME}-v${VERSION}.zip"
TMP_DIR="$(mktemp -d)"
trap 'rm -rf "$TMP_DIR"' EXIT
RELEASE_PUBKEY_SHA256="711424e4535f84093fefb024cd1ca4ec87439e53907b305b79a631d5befba9c8"
curl -fsSL "$BASE/checksums.json" -o "$TMP_DIR/checksums.json"
curl -fsSL "$BASE/checksums.sig" -o "$TMP_DIR/checksums.sig"
curl -fsSL "$BASE/signing-public.pem" -o "$TMP_DIR/signing-public.pem"
curl -fsSL "$BASE/$ZIP_NAME" -o "$TMP_DIR/$ZIP_NAME"
curl -fsSL "$BASE/SKILL.md" -o "$TMP_DIR/SKILL.md"
curl -fsSL "$BASE/skill.json" -o "$TMP_DIR/skill.json"
ACTUAL_PUBKEY_SHA256="$(openssl pkey -pubin -in "$TMP_DIR/signing-public.pem" -outform DER | shasum -a 256 | awk '{print $1}')"
if [ "$ACTUAL_PUBKEY_SHA256" != "$RELEASE_PUBKEY_SHA256" ]; then
echo "ERROR: signing-public.pem fingerprint mismatch" >&2
exit 1
fi
openssl base64 -d -A -in "$TMP_DIR/checksums.sig" -out "$TMP_DIR/checksums.sig.bin"
openssl pkeyutl -verify -rawin -pubin \
-inkey "$TMP_DIR/signing-public.pem" \
-sigfile "$TMP_DIR/checksums.sig.bin" \
-in "$TMP_DIR/checksums.json" >/dev/null
hash_file() {
if command -v shasum >/dev/null 2>&1; then
shasum -a 256 "$1" | awk '{print $1}'
else
sha256sum "$1" | awk '{print $1}'
fi
}
verify_manifest_file() {
asset="$1"
path="$2"
expected="$(jq -r --arg asset "$asset" '.files[$asset].sha256 // empty' "$TMP_DIR/checksums.json")"
if [ -z "$expected" ]; then
echo "ERROR: checksums.json missing $asset" >&2
exit 1
fi
actual="$(hash_file "$path")"
if [ "$actual" != "$expected" ]; then
echo "ERROR: checksum mismatch for $asset" >&2
exit 1
fi
}
expected_archive="$(jq -r '.archive.sha256 // empty' "$TMP_DIR/checksums.json")"
if [ -z "$expected_archive" ]; then
echo "ERROR: checksums.json missing archive.sha256" >&2
exit 1
fi
actual_archive="$(hash_file "$TMP_DIR/$ZIP_NAME")"
if [ "$actual_archive" != "$expected_archive" ]; then
echo "ERROR: archive checksum mismatch" >&2
exit 1
fi
verify_manifest_file "SKILL.md" "$TMP_DIR/SKILL.md"
verify_manifest_file "skill.json" "$TMP_DIR/skill.json"
echo "Signed release manifest, archive, SKILL.md, and skill.json verified."
Only install or extract the archive after this verification succeeds.
Required runtime:
openclawnodebashOptional runtime:
sendmail for local MTA deliveryPROMPTSEC_SMTP_HOST / PROMPTSEC_SMTP_PORTgit only if PROMPTSEC_GIT_PULL=1This skill is not always-on by default, but when invoked it creates or updates an unattended openclaw cron job. Review the configured DM/email recipients and the host's openclaw/SMTP environment before enabling it.
Create (or update) a daily cron job that:
openclaw security audit --jsonopenclaw security audit --deep --jsonSummarizes findings (critical/warn/info + top findings)
Sends the report to:
PROMPTSEC_EMAIL_TO is configuredDefault schedule: daily at 23:00 (11pm) in the chosen timezone.
Delivery:
openclaw cron (unattended recurring job)For automated/MDM deployments, set environment variables before invoking:
export PROMPTSEC_DM_CHANNEL="telegram"
export PROMPTSEC_DM_TO="@yourhandle"
export PROMPTSEC_EMAIL_TO="security@yourcompany.com" # optional
export PROMPTSEC_TZ="America/New_York"
export PROMPTSEC_HOST_LABEL="prod-server-01"
# Then invoke the skill
/openclaw-audit-watchdog
The skill will automatically configure and create the cron job without prompts. If PROMPTSEC_EMAIL_TO is omitted, the job remains DM-only.
If environment variables aren't set, the skill will prompt minimally:
User: /openclaw-audit-watchdog
Agent: Setting up daily security audit watchdog...
What channel should I use for delivery? (e.g., telegram, slack)
User: telegram
Agent: What's the recipient ID or handle?
User: @myhandle
Agent: Optional email recipient? (leave blank to disable email)
User: security@yourcompany.com
Agent: Which timezone for the 23:00 daily run? (default: UTC)
User: America/Los_Angeles
Agent: ✓ Created cron job "Daily security audit (Prompt Security)"
Schedule: Daily at 23:00 America/Los_Angeles
Delivery: telegram → @myhandle, email → security@yourcompany.com
If a job already exists, the skill updates it instead of creating duplicates:
User: /openclaw-audit-watchdog
Agent: Found existing "Daily security audit (Prompt Security)" job.
Current: Daily at 23:00 UTC → telegram:@oldhandle
Update delivery target? (current: telegram:@oldhandle)
User: slack:#security-alerts
Agent: ✓ Updated cron job
Schedule: Daily at 23:00 UTC
Delivery: slack:#security-alerts
Each day at the scheduled time, you'll receive a report like:
🔭 Daily Security Audit Report
Host: prod-server-01
Time: 2026-02-16 23:00:00 America/New_York
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
SUMMARY
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✓ Standard Audit: 12 checks passed, 2 warnings
✓ Deep Audit: 8 probes passed, 1 critical
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
CRITICAL FINDINGS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
[CRIT-001] Unencrypted API Keys Detected
→ Remediation: Move credentials to encrypted vault or use environment variables
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
WARNINGS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
[WARN-003] Outdated Dependencies Found
→ Remediation: Run `openclaw security audit --fix` to update
[WARN-007] Weak Permission on Config File
→ Remediation: chmod 600 ~/.openclaw/config.json
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Run `openclaw security audit --deep` for full details.
Want a different schedule? Set it before invoking:
# Run every 6 hours instead of daily
export PROMPTSEC_SCHEDULE="0 */6 * * *"
/openclaw-audit-watchdog
For managing multiple servers, use different host labels:
# On dev server
export PROMPTSEC_HOST_LABEL="dev-01"
export PROMPTSEC_DM_TO="@dev-team"
/openclaw-audit-watchdog
# On prod server
export PROMPTSEC_HOST_LABEL="prod-01"
export PROMPTSEC_DM_TO="@oncall"
/openclaw-audit-watchdog
Each will send reports with clear host identification.
To suppress audit findings that have been reviewed and accepted, pass the --enable-suppressions flag and ensure the config file includes the "enabledFor": ["audit"] sentinel:
# Create or edit the suppression config
cat > ~/.openclaw/security-audit.json <<'JSON'
{
"enabledFor": ["audit"],
"suppressions": [
{
"checkId": "skills.code_safety",
"skill": "clawsec-suite",
"reason": "First-party security tooling — reviewed by security team",
"suppressedAt": "2026-02-15"
}
]
}
JSON
# Run with suppressions enabled
/openclaw-audit-watchdog --enable-suppressions
Suppressed findings still appear in the report under an informational section but are excluded from critical/warning totals.
The audit pipeline supports an opt-in suppression mechanism for managing reviewed findings. Suppression uses defense-in-depth activation: two independent gates must both be satisfied.
--enable-suppressions flag must be passed at invocation."enabledFor" with "audit" in the array.If either gate is absent, all findings are reported normally and the suppression list is ignored.
--config <path> argumentOPENCLAW_AUDIT_CONFIG environment variable~/.openclaw/security-audit.json.clawsec/allowlist.json{
"enabledFor": ["audit"],
"suppressions": [
{
"checkId": "skills.code_safety",
"skill": "clawsec-suite",
"reason": "First-party security tooling — reviewed by security team",
"suppressedAt": "2026-02-15"
}
]
}
"enabledFor": ["audit"] -- audit suppression active (requires --enable-suppressions flag too)"enabledFor": ["advisory"] -- only advisory pipeline suppression (no effect on audit)"enabledFor": ["audit", "advisory"] -- both pipelines honor suppressionsenabledFor -- no suppression active (safe default)skills.code_safety)Provisioning (MDM-friendly): prefer environment variables (no prompts).
Required env:
PROMPTSEC_DM_CHANNEL (e.g. telegram)PROMPTSEC_DM_TO (recipient id)Optional env:
PROMPTSEC_EMAIL_TO (email recipient; if unset, email delivery stays disabled)PROMPTSEC_TZ (IANA timezone; default UTC)PROMPTSEC_HOST_LABEL (label included in report; default uses hostname)PROMPTSEC_INSTALL_DIR (stable path used by cron payload to cd before running runner; default: ~/.config/security-checkup)PROMPTSEC_GIT_PULL=1 (runner will git pull --ff-only if installed from git)OPENCLAW_AUDIT_CONFIG (suppression config path to persist into the cron payload)PROMPTSEC_SENDMAIL_BIN (explicit sendmail path)PROMPTSEC_SMTP_HOST, PROMPTSEC_SMTP_PORT, PROMPTSEC_SMTP_HELO, PROMPTSEC_SMTP_FROM (SMTP relay settings)Path expansion rules (important):
bash/zsh, use PROMPTSEC_INSTALL_DIR="$HOME/.config/security-checkup" (or absolute path).'$HOME/.config/security-checkup'.$env:PROMPTSEC_INSTALL_DIR = Join-Path $HOME ".config/security-checkup".$HOME directory segment.Interactive install is last resort if env vars or defaults are not set. Keep prompts minimal: DM target is required, email is optional, and the user should see a concise preflight review before persistence is enabled.
Use the cron tool to create a job with:
schedule.kind="cron"schedule.expr="0 23 * * *"schedule.tz=<installer tz>sessionTarget="isolated"wakeMode="now"payload.kind="agentTurn"payload.deliver=trueBefore creating or updating the job, print a preflight review that explicitly states:
openclaw, node, bash),Create the job with a payload message that instructs the isolated run to:
openclaw security audit --jsonopenclaw security audit --deep --jsonInclude:
checkId + title + 1-line remediationmessage toolEmail delivery is optional. Only promise or attempt it when PROMPTSEC_EMAIL_TO is configured.
If PROMPTSEC_EMAIL_TO is set, attempt delivery in this priority order:
A) If a local sendmail-compatible binary is available, use it first.
B) Otherwise, fallback to the configured SMTP relay:
PROMPTSEC_SMTP_HOSTPROMPTSEC_SMTP_PORTPROMPTSEC_SMTP_HELOPROMPTSEC_SMTP_FROMIf neither path is possible, still DM the user and include a line:
"NOTE: could not deliver email to <PROMPTSEC_EMAIL_TO> via configured sendmail/SMTP path"If PROMPTSEC_EMAIL_TO is not set, the cron payload must explicitly describe email as disabled rather than implying a default recipient.
Before adding a new job:
cron.list(includeDisabled=true)"Daily security audit" exists, update it instead of adding a duplicate:
"Daily security audit (Prompt Security)"The cron’s report should suggest fixes but must not apply them.
Do not run openclaw security audit --fix unless explicitly asked.