healthcheck

Official, by Api.Airforce
Prepends a system prompt · Security

Audit/harden OpenClaw hosts: SSH, firewall, updates, exposure, backups, disk encryption, gateway security.

open-source, claude-code, security, steipete

What this skill does

When applied, it prepends a system prompt before your request is sent — no extra calls and no change to how you are billed beyond the added tokens.

---
name: healthcheck
description: "Audit/harden OpenClaw hosts: SSH, firewall, updates, exposure, backups, disk encryption, gateway security."
---

# OpenClaw host healthcheck

Goal: assess host risk, run read-only checks, then propose staged hardening without breaking access.

## Rules

- Ask before state-changing actions.
- Do not change SSH/firewall/remote access until access path is confirmed.
- Prefer reversible steps and rollback notes.
- Never claim OpenClaw manages OS firewall, SSH, or updates.
- If identity/role unknown, recommend only.
- User choices: numbered list.
- Never print secrets.

## Context to infer first

- OS/version, container vs host.
- Privilege level.
- Access path: local, SSH, RDP, tailnet.
- Network exposure: public IP, reverse proxy, tunnel, LAN only.
- OpenClaw gateway status, bind, auth.
- Backup status.
- Disk encryption.
- Automatic security updates.
- Usage mode: personal workstation, local assistant box, remote server, other.

Ask only for missing facts. Simple phrasing preferred.

## Read-only checks

Ask once for permission to run read-only checks. Then run relevant commands.

Common:

```bash
openclaw security audit --deep
openclaw gateway status --deep
openclaw doctor
```

macOS:

```bash
sw_vers
lsof -nP -iTCP -sTCP:LISTEN
/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate
pfctl -s info
tmutil status
fdesetup status
softwareupdate --schedule
```

Linux:

```bash
cat /etc/os-release
ss -ltnup || ss -ltnp
ufw status || firewall-cmd --state || nft list ruleset
systemctl status ssh sshd
lsblk -f
```

Windows:

```powershell
systeminfo
Get-NetFirewallProfile
Get-BitLockerVolume
```

## Risk profile

After context is known, ask desired posture:

1. Convenience: local/private, minimal prompts.
2. Balanced: secure defaults, low friction.
3. Strict: remote/public/sensitive data, more lock-down.

## Report shape

- Current posture: one paragraph.
- Findings: severity + evidence + why it matters.
- Recommended plan: staged
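
As an added example (not part of the skill's prompt and not OpenClaw tooling), the shell functions below turn the output of the Linux listener check `ss -ltnp` into per-listener bind-scope lines that can be quoted as evidence for network exposure findings. The sample output, ports and process names are constructed, and the column layout assumed is that of `ss -ltnp` (the `-ltnup` form adds a leading Netid column and would need the field numbers shifted by one).

```bash
#!/usr/bin/env bash
# Added example: classify TCP listeners from `ss -ltnp` output by bind scope.
# Assumed columns: State Recv-Q Send-Q Local:Port Peer:Port [Process].

classify_listeners() {
  # Reads ss output on stdin; prints scope<TAB>address<TAB>port<TAB>process.
  awk '
    $1 == "LISTEN" {
      ep = $4
      port = ep; sub(/^.*:/, "", port)             # text after the last colon
      addr = substr(ep, 1, length(ep) - length(port) - 1)
      sub(/%.*$/, "", addr)                        # drop interface suffix such as %lo
      if (addr ~ /^127\./ || addr == "[::1]")
        scope = "loopback"
      else if (addr == "0.0.0.0" || addr == "[::]" || addr == "*")
        scope = "all-interfaces"
      else
        scope = "specific-address"
      proc = (NF >= 6) ? $6 : "-"                  # absent without -p or privileges
      printf "%s\t%s\t%s\t%s\n", scope, addr, port, proc
    }'
}

non_loopback_listeners() {
  # Evidence lines for the report: everything not bound to loopback only.
  classify_listeners | awk -F'\t' '$1 != "loopback"'
}

sample_ss_output() {
  # Constructed sample, not captured from a real host.
  cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      4096   127.0.0.53%lo:53   0.0.0.0:*         users:(("systemd-resolve",pid=640,fd=14))
LISTEN 0      511    127.0.0.1:8080     0.0.0.0:*         users:(("node",pid=2201,fd=21))
LISTEN 0      511    *:3000             *:*               users:(("node",pid=2310,fd=19))
LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=812,fd=4))
LISTEN 0      128    192.168.1.20:5432  0.0.0.0:*         users:(("postgres",pid=1400,fd=6))
EOF
}

sample_ss_output | non_loopback_listeners
```

On a real host, pipe the live command in instead of the sample: `ss -ltnp | non_loopback_listeners`. Both functions only read their input and change nothing on the host.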

Use this skill

Per request

Add a "skill" field with the skill’s ID to your chat completion request. It is applied server-side before your prompt is sent — no extra calls.

```json
{
  "model": "gpt-4o-mini",
  "skill": "imp-159e3203-3017-4a1e-9172-488359605853",
  "messages": [{ "role": "user", "content": "…" }]
}
```

Always on — no field to send

Install the skill, enable it in your dashboard and (optionally) limit it to specific models. It then applies automatically to every matching request — with no "skill" field to send each time.