一键在 Manus 中运行任何 Skill

开始使用

healthcheck

Audit/harden OpenClaw hosts: SSH, firewall, updates, exposure, backups, disk encryption, gateway security.

在 Manus 中运行

星标377,865

分支79,017

更新时间2026年5月17日 10:50

来源

openclaw

openclaw/openclaw

打开 GitHub 仓库查看创作者相关仓库

安装命令

下载

在 Manus 中运行

适用职业SOC

信息安全分析师计算机与数学类职业15-1212L4

SKILL.md

readonly

name	healthcheck
description	Audit/harden OpenClaw hosts: SSH, firewall, updates, exposure, backups, disk encryption, gateway security.

OpenClaw host healthcheck

Goal: assess host risk, run read-only checks, then propose staged hardening without breaking access.

Rules

Ask before state-changing actions.
Do not change SSH/firewall/remote access until access path is confirmed.
Prefer reversible steps and rollback notes.
Never claim OpenClaw manages OS firewall, SSH, or updates.
If identity/role unknown, recommend only.
User choices: numbered list.
Never print secrets.

Context to infer first

OS/version, container vs host.
Privilege level.
Access path: local, SSH, RDP, tailnet.
Network exposure: public IP, reverse proxy, tunnel, LAN only.
OpenClaw gateway status, bind, auth.
Backup status.
Disk encryption.
Automatic security updates.
Usage mode: personal workstation, local assistant box, remote server, other.

Ask only for missing facts. Simple phrasing preferred.

Read-only checks

Ask once for permission to run read-only checks. Then run relevant commands.

Common:

openclaw security audit --deep
openclaw gateway status --deep
openclaw doctor

macOS:

sw_vers
lsof -nP -iTCP -sTCP:LISTEN
/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate
pfctl -s info
tmutil status
fdesetup status
softwareupdate --schedule

Linux:

cat /etc/os-release
ss -ltnup || ss -ltnp
ufw status || firewall-cmd --state || nft list ruleset
systemctl status ssh sshd
lsblk -f

Windows:

systeminfo
Get-NetFirewallProfile
Get-BitLockerVolume

Risk profile

After context is known, ask desired posture:

Convenience: local/private, minimal prompts.
Balanced: secure defaults, low friction.
Strict: remote/public/sensitive data, more lock-down.

Report shape

Current posture: one paragraph.
Findings: severity + evidence + why it matters.
Recommended plan: staged, reversible.
Commands: read-only first; write actions only after approval.
Gaps: what could not be checked.

Hardening menu

Offer only relevant items:

Bind gateway to loopback/LAN/tailnet intentionally.
Require auth for remote access.
Close public ports or restrict by firewall.
Enable OS security updates.
Enable disk encryption.
Verify backups and restore path.
Disable password SSH or require keys/MFA where appropriate.
Add scheduled openclaw security audit --deep.

Confirm exact action before applying.

同仓库更多 Skills

同仓库

weather

openclaw/openclaw

Current weather and forecasts with web_fetch, falling back to wttr.in curl for locations, rain, temperature, travel planning.

2026-06-05377.9k

openclaw-secret-scanning-maintainer

openclaw/openclaw

Triage, redact, clean up, and resolve OpenClaw GitHub Secret Scanning alerts in issues or PRs.

2026-06-04377.9k

openclaw-test-heap-leaks

openclaw/openclaw

Investigate OpenClaw pnpm test memory growth, Vitest OOMs, RSS spikes, and heap snapshot deltas.

2026-06-04377.9k

release-openclaw-ci

openclaw/openclaw

Run, watch, debug, and summarize OpenClaw full release CI, release checks, live provider gates, install/update proofs, and release-secret preflights.

2026-06-04377.9k

release-openclaw-maintainer

openclaw/openclaw

Prepare or verify OpenClaw stable/beta releases, changelogs, release notes, publish commands, and artifacts.

2026-06-03377.9k

autoreview

openclaw/openclaw

Auto Review closeout. Codex review is the default when no engine is set and is the recommended reviewer.

2026-06-02377.9k

name	healthcheck
description	Audit/harden OpenClaw hosts: SSH, firewall, updates, exposure, backups, disk encryption, gateway security.

OpenClaw host healthcheck

Goal: assess host risk, run read-only checks, then propose staged hardening without breaking access.

Rules

Ask before state-changing actions.
Do not change SSH/firewall/remote access until access path is confirmed.
Prefer reversible steps and rollback notes.
Never claim OpenClaw manages OS firewall, SSH, or updates.
If identity/role unknown, recommend only.
User choices: numbered list.
Never print secrets.

Context to infer first

OS/version, container vs host.
Privilege level.
Access path: local, SSH, RDP, tailnet.
Network exposure: public IP, reverse proxy, tunnel, LAN only.
OpenClaw gateway status, bind, auth.
Backup status.
Disk encryption.
Automatic security updates.
Usage mode: personal workstation, local assistant box, remote server, other.

Ask only for missing facts. Simple phrasing preferred.

Read-only checks

Ask once for permission to run read-only checks. Then run relevant commands.

Common:

openclaw security audit --deep
openclaw gateway status --deep
openclaw doctor

macOS:

sw_vers
lsof -nP -iTCP -sTCP:LISTEN
/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate
pfctl -s info
tmutil status
fdesetup status
softwareupdate --schedule

Linux:

cat /etc/os-release
ss -ltnup || ss -ltnp
ufw status || firewall-cmd --state || nft list ruleset
systemctl status ssh sshd
lsblk -f

Windows:

systeminfo
Get-NetFirewallProfile
Get-BitLockerVolume

Risk profile

After context is known, ask desired posture:

Convenience: local/private, minimal prompts.
Balanced: secure defaults, low friction.
Strict: remote/public/sensitive data, more lock-down.

Report shape

Current posture: one paragraph.
Findings: severity + evidence + why it matters.
Recommended plan: staged, reversible.
Commands: read-only first; write actions only after approval.
Gaps: what could not be checked.

Hardening menu

Offer only relevant items:

Bind gateway to loopback/LAN/tailnet intentionally.
Require auth for remote access.
Close public ports or restrict by firewall.
Enable OS security updates.
Enable disk encryption.
Verify backups and restore path.
Disable password SSH or require keys/MFA where appropriate.
Add scheduled openclaw security audit --deep.

Confirm exact action before applying.