clawdbot-self-security-audit

Enables Clawdbot to perform a comprehensive security audit of its configuration, identifying vulnerabilities and hardening opportunities.

Install this skill

or

23/100

Security score

The clawdbot-self-security-audit skill was audited on Feb 12, 2026 and we found 41 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 527

Template literal with variable interpolation in command context

SourceSKILL.md

527

```bash

low line 61

Access to hidden dotfiles in home directory

SourceSKILL.md

61	cat ~/.clawdbot/clawdbot.json \| grep -A10 '"gateway"'

low line 84

Access to hidden dotfiles in home directory

SourceSKILL.md

84	cat ~/.clawdbot/clawdbot.json \| grep -E '"dm_policy\|"allowFrom"'

low line 112

Access to hidden dotfiles in home directory

SourceSKILL.md

112	cat ~/.clawdbot/clawdbot.json \| grep -E '"groupPolicy"\|"groups"'

low line 113

Access to hidden dotfiles in home directory

SourceSKILL.md

113	cat ~/.clawdbot/clawdbot.json \| grep -i "mention"

medium line 144

Access to hidden dotfiles in home directory

SourceSKILL.md

144	\| WhatsApp \| `~/.clawdbot/credentials/whatsapp/{accountId}/creds.json` \|

medium line 145

Access to hidden dotfiles in home directory

SourceSKILL.md

145	\| Telegram \| `~/.clawdbot/clawdbot.json` or env \|

medium line 146

Access to hidden dotfiles in home directory

SourceSKILL.md

146	\| Discord \| `~/.clawdbot/clawdbot.json` or env \|

medium line 147

Access to hidden dotfiles in home directory

SourceSKILL.md

147	\| Slack \| `~/.clawdbot/clawdbot.json` or env \|

medium line 148

Access to hidden dotfiles in home directory

SourceSKILL.md

148	\| Pairing allowlists \| `~/.clawdbot/credentials/channel-allowFrom.json` \|

medium line 149

Access to hidden dotfiles in home directory

SourceSKILL.md

149	\| Auth profiles \| `~/.clawdbot/agents/{agentId}/auth-profiles.json` \|

medium line 150

Access to hidden dotfiles in home directory

SourceSKILL.md

150	\| Legacy OAuth \| `~/.clawdbot/credentials/oauth.json` \|

low line 154

Access to hidden dotfiles in home directory

SourceSKILL.md

154	ls -la ~/.clawdbot/credentials/

low line 155

Access to hidden dotfiles in home directory

SourceSKILL.md

155	ls -la ~/.clawdbot/agents/*/auth-profiles.json 2>/dev/null

low line 156

Access to hidden dotfiles in home directory

SourceSKILL.md

156	stat -c "%a" ~/.clawdbot/credentials/oauth.json 2>/dev/null

low line 163

Access to hidden dotfiles in home directory

SourceSKILL.md

163	chmod 700 ~/.clawdbot

low line 164

Access to hidden dotfiles in home directory

SourceSKILL.md

164	chmod 600 ~/.clawdbot/credentials/oauth.json

low line 165

Access to hidden dotfiles in home directory

SourceSKILL.md

165	chmod 600 ~/.clawdbot/clawdbot.json

low line 180

Access to hidden dotfiles in home directory

SourceSKILL.md

180	cat ~/.clawdbot/clawdbot.json \| grep -A5 '"browser"'

low line 181

Access to hidden dotfiles in home directory

SourceSKILL.md

181	cat ~/.clawdbot/clawdbot.json \| grep -i "controlUi\|insecureAuth"

low line 182

Access to hidden dotfiles in home directory

SourceSKILL.md

182	ls -la ~/.clawdbot/browser/

low line 217

Access to hidden dotfiles in home directory

SourceSKILL.md

217	cat ~/.clawdbot/clawdbot.json \| grep -A10 '"gateway"'

low line 218

Access to hidden dotfiles in home directory

SourceSKILL.md

218	cat ~/.clawdbot/clawdbot.json \| grep '"tailscale"'

low line 249

Access to hidden dotfiles in home directory

SourceSKILL.md

249	cat ~/.clawdbot/clawdbot.json \| grep -i "restrict\|mcp\|elevated"

low line 250

Access to hidden dotfiles in home directory

SourceSKILL.md

250	cat ~/.clawdbot/clawdbot.json \| grep -i "workspaceAccess\|sandbox"

low line 251

Access to hidden dotfiles in home directory

SourceSKILL.md

251	cat ~/.clawdbot/clawdbot.json \| grep -i "openRoom"

low line 289

Access to hidden dotfiles in home directory

SourceSKILL.md

289	stat -c "%a" ~/.clawdbot

low line 290

Access to hidden dotfiles in home directory

SourceSKILL.md

290	ls -la ~/.clawdbot/*.json

low line 297

Access to hidden dotfiles in home directory

SourceSKILL.md

297	chmod 700 ~/.clawdbot

low line 298

Access to hidden dotfiles in home directory

SourceSKILL.md

298	chmod 600 ~/.clawdbot/clawdbot.json

low line 299

Access to hidden dotfiles in home directory

SourceSKILL.md

299	chmod 600 ~/.clawdbot/credentials/*

low line 312

Access to hidden dotfiles in home directory

SourceSKILL.md

312	cat ~/.clawdbot/clawdbot.json \| grep -i "plugin\|allowlist"

low line 313

Access to hidden dotfiles in home directory

SourceSKILL.md

313	cat ~/.clawdbot/clawdbot.json \| grep -i "model\|anthropic"

low line 344

Access to hidden dotfiles in home directory

SourceSKILL.md

344	cat ~/.clawdbot/clawdbot.json \| grep -i "logging\|redact"

low line 345

Access to hidden dotfiles in home directory

SourceSKILL.md

345	ls -la ~/.clawdbot/logs/

low line 353

Access to hidden dotfiles in home directory

SourceSKILL.md

353	"path": "~/.clawdbot/logs/"

low line 369

Access to hidden dotfiles in home directory

SourceSKILL.md

369	cat ~/.clawdbot/clawdbot.json \| grep -i "untrusted\|wrap"

low line 401

Access to hidden dotfiles in home directory

SourceSKILL.md

401	cat ~/.clawdbot/clawdbot.json \| grep -A10 '"blocked_commands"'

medium line 512

Access to hidden dotfiles in home directory

SourceSKILL.md

512	1. Check gateway logs and session transcripts — `~/.clawdbot/logs/`

low line 191

External URL reference

SourceSKILL.md

191	"remoteControlUrl": "https://...",

low line 641

External URL reference

SourceSKILL.md

641	- Original framework: [ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ on X](https://x.com/DanielMiessler/status/2015865548714975475)

Scanned on Feb 12, 2026

View Security Dashboard

Install this skill with one command

/learn @thesethrose/clawdbot-self-security-audit

GitHub Stars 58

Rate this skill

Categorydevelopment

UpdatedMarch 29, 2026

openclaw api devops-sre security-engineer ml-ai-engineer development

TheSethRose/Clawdbot-Security-Check