2.5k
GitHub Stars
2
Bundled Files
2 months ago
Catalog Refreshed
3 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill openclaw/skills --skill vext-audit- audit.py16.1 KB
- SKILL.md1.5 KB
Overview
This skill performs a comprehensive, read-only security audit of your OpenClaw installation. It inspects configuration, file permissions, network exposure, SOUL.md integrity, and the safety of installed skills. Built by Vext Labs, it produces a local, actionable report and a letter grade summarizing your security posture. Reports are saved locally for offline review.
How this skill works
The auditor scans configuration files and runtime bindings to detect unsafe settings such as sandboxing disabled, excessive tool permissions, and 0.0.0.0 bindings. It checks file and directory permissions for sensitive artifacts and analyzes SOUL.md files for prompt-injection or malicious content patterns. Every installed skill is run through the VEXT Shield scanner for known risky patterns, and the tool computes an A–F security grade with concrete remediation steps. All checks are read-only and no network requests or external transmissions are performed.
When to use it
- After initial OpenClaw deployment to verify secure defaults
- Before exposing an instance to users or the public internet
- When adding or updating skills to validate safety and integrity
- Periodically as part of routine security hygiene and audits
- After configuration changes, key rotations, or platform upgrades
Best practices
- Run the audit from an administrative account with read access to configuration and skill files
- Keep OpenClaw and skills updated before auditing to detect current risks
- Review the generated report promptly and apply remediation steps locally
- Treat the grade and findings as a prioritized checklist, not a substitute for deeper pen testing
- Store reports securely on-device and rotate access to audit results
Example use cases
- Validate that no API keys or secrets are saved in plaintext or world-readable files
- Detect services bound to 0.0.0.0 or exposed ports before making the instance public
- Find overly permissive file modes on identity or credential files and get exact chmod recommendations
- Scan newly installed or archived skills for prompt injection, unsafe code patterns, or excessive tool access
- Generate a baseline security grade to track improvements across configuration changes
FAQ
No. The audit is strictly read-only. It only scans files and settings and never changes configuration or file contents.
Are results transmitted off this machine?
No. Audit results are stored locally in your home directory (by default under ~/.openclaw/vext-shield/reports/) and are not sent anywhere.