Audit/harden OpenClaw hosts: SSH, firewall, updates, exposure, backups, disk encryption, gateway security.
| name | healthcheck |
| description | Audit/harden OpenClaw hosts: SSH, firewall, updates, exposure, backups, disk encryption, gateway security. |
Goal: assess host risk, run read-only checks, then propose staged hardening without breaking access.
Ask only for missing facts. Simple phrasing preferred.
Ask once for permission to run read-only checks. Then run relevant commands.
Common:
openclaw security audit --deep
openclaw gateway status --deep
openclaw doctor
macOS:
sw_vers
lsof -nP -iTCP -sTCP:LISTEN
/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate
pfctl -s info
tmutil status
fdesetup status
softwareupdate --schedule
Linux:
cat /etc/os-release
ss -ltnup || ss -ltnp
ufw status || firewall-cmd --state || nft list ruleset
systemctl status ssh sshd
lsblk -f
Windows:
systeminfo
Get-NetFirewallProfile
Get-BitLockerVolume
After context is known, ask desired posture:
Offer only relevant items:
openclaw security audit --deep.Confirm exact action before applying.
Auto Review closeout. Codex review is the default when no engine is set and is the recommended reviewer.
Run, watch, debug, and summarize OpenClaw full release CI, release checks, live provider gates, install/update proofs, and release-secret preflights.
Prepare or verify OpenClaw stable/beta releases, changelogs, release notes, publish commands, and artifacts.
Triage, redact, clean up, and resolve OpenClaw GitHub Secret Scanning alerts in issues or PRs.
Use immediately for any pasted OpenClaw GitHub issue or PR URL/number, and for OpenClaw issue/PR review, triage, duplicate search, opener identity/who wrote it, author account age/activity, comments, labels, close, land, or maintainer evidence checks.
Use when controlling web pages with the OpenClaw browser tool, especially multi-step flows, login checks, tab management, or recovery from stale refs/timeouts.