Back to Details

security-audit

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Security Audit Skill

安全审计Skill

When to use

使用场景

Run a security audit to identify vulnerabilities in your Clawdbot setup before deployment or on a schedule. Use auto-fix to remediate common issues automatically.
在部署前或按计划运行安全审计,以识别Clawdbot设置中的漏洞。使用自动修复功能自动修复常见问题。

Setup

设置

No external dependencies required. Uses native system tools where available.
无需外部依赖。尽可能使用原生系统工具。

How to

使用方法

Quick audit (common issues)

快速审计(常见问题)

bash
node skills/security-audit/scripts/audit.cjs
bash
node skills/security-audit/scripts/audit.cjs

Full audit (comprehensive scan)

完整审计(全面扫描)

bash
node skills/security-audit/scripts/audit.cjs --full
bash
node skills/security-audit/scripts/audit.cjs --full

Auto-fix common issues

自动修复常见问题

bash
node skills/security-audit/scripts/audit.cjs --fix
bash
node skills/security-audit/scripts/audit.cjs --fix

Audit specific areas

审计特定领域

bash
node skills/security-audit/scripts/audit.cjs --credentials      # Check for exposed API keys
node skills/security-audit/scripts/audit.cjs --ports            # Scan for open ports
node skills/security-audit/scripts/audit.cjs --configs          # Validate configuration
node skills/security-audit/scripts/audit.cjs --permissions      # Check file permissions
node skills/security-audit/scripts/audit.cjs --docker           # Docker security checks
bash
node skills/security-audit/scripts/audit.cjs --credentials      # 检查暴露的API密钥
node skills/security-audit/scripts/audit.cjs --ports            # 扫描开放端口
node skills/security-audit/scripts/audit.cjs --configs          # 验证配置
node skills/security-audit/scripts/audit.cjs --permissions      # 检查文件权限
node skills/security-audit/scripts/audit.cjs --docker           # Docker安全检查

Generate report

生成报告

bash
node skills/security-audit/scripts/audit.cjs --full --json > audit-report.json
bash
node skills/security-audit/scripts/audit.cjs --full --json > audit-report.json

Output

输出结果

The audit produces a report with:
LevelDescription
🔴 CRITICALImmediate action required (exposed credentials)
🟠 HIGHSignificant risk, fix soon
🟡 MEDIUMModerate concern
🟢 INFOFYI, no action needed
审计会生成一份包含以下级别的报告:
级别描述
🔴 CRITICAL需要立即处理(如暴露的凭证)
🟠 HIGH重大风险,尽快修复
🟡 MEDIUM中等风险
🟢 INFO仅供参考,无需处理

Checks Performed

执行的检查项

Credentials

凭证检查

  • API keys in environment files
  • Tokens in command history
  • Hardcoded secrets in code
  • Weak password patterns
  • 环境文件中的API密钥
  • 命令历史中的令牌
  • 代码中硬编码的机密信息
  • 弱密码模式

Ports

端口检查

  • Unexpected open ports
  • Services exposed to internet
  • Missing firewall rules
  • 意外开放的端口
  • 暴露在公网的服务
  • 缺失的防火墙规则

Configs

配置检查

  • Missing rate limiting
  • Disabled authentication
  • Default credentials
  • Open CORS policies
  • 缺失速率限制
  • 身份验证已禁用
  • 默认凭证
  • 开放的CORS策略

Files

文件检查

  • World-readable files
  • Executable by anyone
  • Sensitive files in public dirs
  • 全局可读文件
  • 所有人可执行的文件
  • 敏感文件存放在公共目录

Docker

Docker检查

  • Privileged containers
  • Missing resource limits
  • Root user in container
  • 特权容器
  • 缺失资源限制
  • 容器中使用Root用户

Auto-Fix

自动修复

The 
--fix
option automatically:
  • Sets restrictive file permissions (600 on .env)
  • Secures sensitive configuration files
  • Creates .gitignore if missing
  • Enables basic security headers
--fix
选项会自动执行以下操作:
  • 设置严格的文件权限(.env文件设为600)
  • 保护敏感配置文件
  • 若缺失则创建.gitignore
  • 启用基础安全头

Related skills

相关技能

  • security-monitor
    - Real-time monitoring (available separately)
  • security-monitor
    - 实时监控(需单独获取)