Back to Details

openclaw-audit-watchdog

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Prompt Security Audit (openclaw)

提示词安全审计 (openclaw)

Installation Options

安装选项

You can get openclaw-audit-watchdog in two ways:
你可以通过两种方式获取openclaw-audit-watchdog:

Option A: Bundled with ClawSec Suite (Recommended)

选项A:随ClawSec Suite捆绑安装(推荐)

If you've installed clawsec-suite, you may already have this!
Openclaw-audit-watchdog is bundled alongside ClawSec Suite to provide crucial automated security audit capabilities. When you install the suite, if you don't already have the audit watchdog installed, it will be deployed from the bundled copy.
Advantages:
  • Convenient - no separate download needed
  • Standard location - installed to 
    ~/.openclaw/skills/openclaw-audit-watchdog/
  • Preserved - if you already have audit watchdog installed, it won't be overwritten
  • Single verification - integrity checked as part of suite package
如果你已经安装了clawsec-suite,你可能已经拥有该工具了!
Openclaw-audit-watchdog与ClawSec Suite捆绑提供,用于实现核心的自动化安全审计能力。安装套件时,如果你还没有安装审计看门狗程序,就会自动从捆绑副本中部署该工具。
优势:
  • 便捷:无需单独下载
  • 路径标准:安装到 
    ~/.openclaw/skills/openclaw-audit-watchdog/
  • 保留原有版本:如果你已经安装了审计看门狗,不会覆盖现有版本
  • 单次校验:作为套件包的一部分统一进行完整性校验

Option B: Standalone Installation (This Page)

选项B:独立安装(本页说明)

Install openclaw-audit-watchdog independently without the full suite.
When to use standalone:
  • You only need the audit watchdog (not other suite components)
  • You want to install before installing the suite
  • You prefer explicit control over audit watchdog installation
Advantages:
  • Lighter weight installation
  • Independent from suite
  • Direct control over installation process
Continue below for standalone installation instructions.
无需安装完整套件,独立安装openclaw-audit-watchdog。
适用场景:
  • 你只需要审计看门狗,不需要其他套件组件
  • 你希望在安装套件之前先安装该工具
  • 你希望完全掌控审计看门狗的安装过程
优势:
  • 更轻量的安装包
  • 与套件独立
  • 直接控制安装流程
继续查看下方的独立安装说明。

Goal

目标

Create (or update) a daily cron job that:
  1. Runs:
  • openclaw security audit --json
  • openclaw security audit --deep --json
  1. Summarizes findings (critical/warn/info + top findings)
  2. Sends the report to:
  • a user-selected DM target (channel + recipient id/handle)
Default schedule: daily at 23:00 (11pm) in the chosen timezone.
Delivery:
  • DM to last active session
创建(或更新)每日运行的cron任务,实现以下功能:
  1. 执行以下命令:
  • openclaw security audit --json
  • openclaw security audit --deep --json
  1. 汇总审计结果(严重/警告/提示 + 高危结果)
  2. 将报告发送到:
  • 用户指定的私信目标(渠道 + 接收方ID/账号)
默认调度规则:所选时区的每日23:00(晚上11点)
投递方式:
  • 发送私信到最近活跃的会话

Usage Examples

使用示例

Example 1: Quick Start (Environment Variables)

示例1:快速启动(环境变量配置)

For automated/MDM deployments, set environment variables before invoking:
bash
export PROMPTSEC_DM_CHANNEL="telegram"
export PROMPTSEC_DM_TO="@yourhandle"
export PROMPTSEC_TZ="America/New_York"
export PROMPTSEC_HOST_LABEL="prod-server-01"
适用于自动化/MDM部署场景,调用前先设置环境变量:
bash
export PROMPTSEC_DM_CHANNEL="telegram"
export PROMPTSEC_DM_TO="@yourhandle"
export PROMPTSEC_TZ="America/New_York"
export PROMPTSEC_HOST_LABEL="prod-server-01"

Then invoke the skill

Then invoke the skill

/openclaw-audit-watchdog

The skill will automatically configure and create the cron job without prompts.
/openclaw-audit-watchdog

该Skill会自动配置并创建cron任务,无需额外交互。

Example 2: Interactive Setup

示例2:交互式配置

If environment variables aren't set, the skill will prompt minimally:
User: /openclaw-audit-watchdog

Agent: Setting up daily security audit watchdog...
       What channel should I use for delivery? (e.g., telegram, slack)
User: telegram

Agent: What's the recipient ID or handle?
User: @myhandle

Agent: Which timezone for the 23:00 daily run? (default: UTC)
User: America/Los_Angeles

Agent: ✓ Created cron job "Daily security audit (Prompt Security)"
       Schedule: Daily at 23:00 America/Los_Angeles
       Delivery: telegram → @myhandle
如果没有设置环境变量,该Skill会进行最少的交互提示:
User: /openclaw-audit-watchdog

Agent: Setting up daily security audit watchdog...
       What channel should I use for delivery? (e.g., telegram, slack)
User: telegram

Agent: What's the recipient ID or handle?
User: @myhandle

Agent: Which timezone for the 23:00 daily run? (default: UTC)
User: America/Los_Angeles

Agent: ✓ Created cron job "Daily security audit (Prompt Security)"
       Schedule: Daily at 23:00 America/Los_Angeles
       Delivery: telegram → @myhandle

Example 3: Updating Existing Job

示例3:更新现有任务

If a job already exists, the skill updates it instead of creating duplicates:
User: /openclaw-audit-watchdog

Agent: Found existing "Daily security audit (Prompt Security)" job.
       Current: Daily at 23:00 UTC → telegram:@oldhandle

       Update delivery target? (current: telegram:@oldhandle)
User: slack:#security-alerts

Agent: ✓ Updated cron job
       Schedule: Daily at 23:00 UTC
       Delivery: slack:#security-alerts
如果已经存在同名任务,该Skill会更新现有任务,不会创建重复项:
User: /openclaw-audit-watchdog

Agent: Found existing "Daily security audit (Prompt Security)" job.
       Current: Daily at 23:00 UTC → telegram:@oldhandle

       Update delivery target? (current: telegram:@oldhandle)
User: slack:#security-alerts

Agent: ✓ Updated cron job
       Schedule: Daily at 23:00 UTC
       Delivery: slack:#security-alerts

Example 4: What Gets Delivered

示例4:报告内容示例

Each day at the scheduled time, you'll receive a report like:
🔭 Daily Security Audit Report
Host: prod-server-01
Time: 2026-02-16 23:00:00 America/New_York

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
SUMMARY
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✓ Standard Audit: 12 checks passed, 2 warnings
✓ Deep Audit: 8 probes passed, 1 critical

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
CRITICAL FINDINGS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
[CRIT-001] Unencrypted API Keys Detected
→ Remediation: Move credentials to encrypted vault or use environment variables

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
WARNINGS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
[WARN-003] Outdated Dependencies Found
→ Remediation: Run `openclaw security audit --fix` to update

[WARN-007] Weak Permission on Config File
→ Remediation: chmod 600 ~/.openclaw/config.json

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Run `openclaw security audit --deep` for full details.
在调度的时间点,你每天会收到如下格式的报告:
🔭 Daily Security Audit Report
Host: prod-server-01
Time: 2026-02-16 23:00:00 America/New_York

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
SUMMARY
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✓ Standard Audit: 12 checks passed, 2 warnings
✓ Deep Audit: 8 probes passed, 1 critical

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
CRITICAL FINDINGS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
[CRIT-001] Unencrypted API Keys Detected
→ Remediation: Move credentials to encrypted vault or use environment variables

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
WARNINGS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
[WARN-003] Outdated Dependencies Found
→ Remediation: Run `openclaw security audit --fix` to update

[WARN-007] Weak Permission on Config File
→ Remediation: chmod 600 ~/.openclaw/config.json

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Run `openclaw security audit --deep` for full details.

Example 5: Custom Schedule

示例5:自定义调度规则

Want a different schedule? Set it before invoking:
bash
undefined
如果想要调整调度频率,调用前设置对应环境变量:
bash
undefined

Run every 6 hours instead of daily

Run every 6 hours instead of daily

export PROMPTSEC_SCHEDULE="0 */6 * * *" /openclaw-audit-watchdog
undefined
export PROMPTSEC_SCHEDULE="0 */6 * * *" /openclaw-audit-watchdog
undefined

Example 6: Multiple Environments

示例6:多环境适配

For managing multiple servers, use different host labels:
bash
undefined
管理多台服务器时,使用不同的主机标签:
bash
undefined

On dev server

On dev server

export PROMPTSEC_HOST_LABEL="dev-01" export PROMPTSEC_DM_TO="@dev-team" /openclaw-audit-watchdog
export PROMPTSEC_HOST_LABEL="dev-01" export PROMPTSEC_DM_TO="@dev-team" /openclaw-audit-watchdog

On prod server

On prod server

export PROMPTSEC_HOST_LABEL="prod-01" export PROMPTSEC_DM_TO="@oncall" /openclaw-audit-watchdog

Each will send reports with clear host identification.
export PROMPTSEC_HOST_LABEL="prod-01" export PROMPTSEC_DM_TO="@oncall" /openclaw-audit-watchdog

每个实例发送的报告都会带有清晰的主机标识。

Example 7: Suppressing Known Findings

示例7:屏蔽已知结果

To suppress audit findings that have been reviewed and accepted, pass the 
--enable-suppressions
flag and ensure the config file includes the 
"enabledFor": ["audit"]
sentinel:
bash
undefined
如果要屏蔽已经过审核确认的审计结果,添加
--enable-suppressions
参数运行,同时确保配置文件中包含
"enabledFor": ["audit"]
标识:
bash
undefined

Create or edit the suppression config

Create or edit the suppression config

cat > ~/.openclaw/security-audit.json <<'JSON' { "enabledFor": ["audit"], "suppressions": [ { "checkId": "skills.code_safety", "skill": "clawsec-suite", "reason": "First-party security tooling — reviewed by security team", "suppressedAt": "2026-02-15" } ] } JSON
cat > ~/.openclaw/security-audit.json <<'JSON' { "enabledFor": ["audit"], "suppressions": [ { "checkId": "skills.code_safety", "skill": "clawsec-suite", "reason": "First-party security tooling — reviewed by security team", "suppressedAt": "2026-02-15" } ] } JSON

Run with suppressions enabled

Run with suppressions enabled

/openclaw-audit-watchdog --enable-suppressions

Suppressed findings still appear in the report under an informational section but are excluded from critical/warning totals.
/openclaw-audit-watchdog --enable-suppressions

被屏蔽的结果仍然会出现在报告的信息区域,但不会计入严重/警告的统计总数。

Suppression / Allowlist

屏蔽/白名单机制

The audit pipeline supports an opt-in suppression mechanism for managing reviewed findings. Suppression uses defense-in-depth activation: two independent gates must both be satisfied.
审计流水线支持可选的屏蔽机制,用于管理已审核的结果。屏蔽机制采用纵深防御的激活规则:必须同时满足两个独立的条件才能生效。

Activation Requirements

激活要求

  1. CLI flag: The 
    --enable-suppressions
    flag must be passed at invocation.
  2. Config sentinel: The configuration file must include 
    "enabledFor"
    with 
    "audit"
    in the array.
If either gate is absent, all findings are reported normally and the suppression list is ignored.
  1. CLI参数: 调用时必须传入
    --enable-suppressions
    参数。
  2. 配置标识: 配置文件的数组中必须包含
    "enabledFor": ["audit"]
    配置。
任意一个条件不满足,所有结果都会正常上报,屏蔽列表会被忽略。

Config File Resolution (4-tier)

配置文件优先级(4级)

  1. Explicit 
    --config <path>
    argument
  2. OPENCLAW_AUDIT_CONFIG
    environment variable
  3. ~/.openclaw/security-audit.json
  4. .clawsec/allowlist.json
  1. 显式指定的
    --config <path>
    参数
  2. OPENCLAW_AUDIT_CONFIG
    环境变量指定的路径
  3. ~/.openclaw/security-audit.json
  4. .clawsec/allowlist.json

Config Format

配置格式

json
{
  "enabledFor": ["audit"],
  "suppressions": [
    {
      "checkId": "skills.code_safety",
      "skill": "clawsec-suite",
      "reason": "First-party security tooling — reviewed by security team",
      "suppressedAt": "2026-02-15"
    }
  ]
}
json
{
  "enabledFor": ["audit"],
  "suppressions": [
    {
      "checkId": "skills.code_safety",
      "skill": "clawsec-suite",
      "reason": "First-party security tooling — reviewed by security team",
      "suppressedAt": "2026-02-15"
    }
  ]
}

Sentinel Semantics

标识语义

  • "enabledFor": ["audit"]
    -- audit suppression active (requires 
    --enable-suppressions
    flag too)
  • "enabledFor": ["advisory"]
    -- only advisory pipeline suppression (no effect on audit)
  • "enabledFor": ["audit", "advisory"]
    -- both pipelines honor suppressions
  • Missing or empty 
    enabledFor
    -- no suppression active (safe default)
  • "enabledFor": ["audit"]
    -- 审计屏蔽功能激活(仍需搭配
    --enable-suppressions
    参数)
  • "enabledFor": ["advisory"]
    -- 仅通知流水线屏蔽生效(对审计无影响)
  • "enabledFor": ["audit", "advisory"]
    -- 两个流水线都启用屏蔽规则
  • 缺失或为空的
    enabledFor
    -- 无屏蔽功能生效(安全默认值)

Matching Rules

匹配规则

  • checkId: exact match against the audit finding's check identifier (e.g., 
    skills.code_safety
    )
  • skill: case-insensitive match against the skill name from the finding
  • Both fields must match for a finding to be suppressed
  • checkId: 与审计结果的检查ID完全匹配(如
    skills.code_safety
  • skill: 与结果中的Skill名称不区分大小写匹配
  • 必须同时匹配两个字段,对应的结果才会被屏蔽。

Installation flow (interactive)

安装流程(交互式)

Provisioning (MDM-friendly): prefer environment variables (no prompts).
Required env:
  • PROMPTSEC_DM_CHANNEL
    (e.g. 
    telegram
    )
  • PROMPTSEC_DM_TO
    (recipient id)
Optional env:
  • PROMPTSEC_TZ
    (IANA timezone; default 
    UTC
    )
  • PROMPTSEC_HOST_LABEL
    (label included in report; default uses 
    hostname
    )
  • PROMPTSEC_INSTALL_DIR
    (stable path used by cron payload to 
    cd
    before running runner; default: 
    ~/.config/security-checkup
    )
  • PROMPTSEC_GIT_PULL=1
    (runner will 
    git pull --ff-only
    if installed from git)
Path expansion rules (important):
  • In 
    bash
    /
    zsh
    , use 
    PROMPTSEC_INSTALL_DIR="$HOME/.config/security-checkup"
    (or absolute path).
  • Do not pass a single-quoted literal like 
    '$HOME/.config/security-checkup'
    .
  • On PowerShell, prefer: 
    $env:PROMPTSEC_INSTALL_DIR = Join-Path $HOME ".config/security-checkup"
    .
  • If path resolution fails, setup now exits with a clear error instead of creating a literal 
    $HOME
    directory segment.
Interactive install is last resort if env vars or defaults are not set.
even in that case keep prompts minimalistic the watchdog tool is pretty straight up configured out of the box.
部署(适配MDM场景):优先使用环境变量配置(无交互)。
必填环境变量:
  • PROMPTSEC_DM_CHANNEL
    (例如 
    telegram
    )
  • PROMPTSEC_DM_TO
    (接收方ID)
可选环境变量:
  • PROMPTSEC_TZ
    (IANA时区;默认 
    UTC
    )
  • PROMPTSEC_HOST_LABEL
    (报告中展示的主机标签;默认使用
    hostname
    )
  • PROMPTSEC_INSTALL_DIR
    (cron负载执行前切换的固定路径;默认: 
    ~/.config/security-checkup
    )
  • PROMPTSEC_GIT_PULL=1
    (如果是通过git安装的,运行器会执行
    git pull --ff-only
    更新)
路径扩展规则(重要):
  • bash
    /
    zsh
    中,使用
    PROMPTSEC_INSTALL_DIR="$HOME/.config/security-checkup"
    (或绝对路径)。
  • 不要传入单引号包裹的字面量,比如
    '$HOME/.config/security-checkup'
  • 在PowerShell中,推荐使用:
    $env:PROMPTSEC_INSTALL_DIR = Join-Path $HOME ".config/security-checkup"
  • 如果路径解析失败,安装程序会直接抛出清晰的错误退出,不会创建字面量
    $HOME
    的目录段。
如果环境变量或默认配置都未设置,才会回退到交互式安装。 即便在这种情况下,也只会进行最少的交互提示,该看门狗工具开箱即可完成配置。

Create the cron job

创建cron任务

Use the 
cron
tool to create a job with:
  • schedule.kind="cron"
  • schedule.expr="0 23 * * *"
  • schedule.tz=<installer tz>
  • sessionTarget="isolated"
  • wakeMode="now"
  • payload.kind="agentTurn"
  • payload.deliver=true
使用
cron
工具创建任务,配置如下:
  • schedule.kind="cron"
  • schedule.expr="0 23 * * *"
  • schedule.tz=<安装时指定的时区>
  • sessionTarget="isolated"
  • wakeMode="now"
  • payload.kind="agentTurn"
  • payload.deliver=true

Payload message template (agentTurn)

负载消息模板(agentTurn)

Create the job with a payload message that instructs the isolated run to:
  1. Run the audits
  • Prefer JSON output for robust parsing: 
    • openclaw security audit --json
    • openclaw security audit --deep --json
  1. Render a concise text report:
Include:
  • Timestamp + host identifier if available
  • Summary counts
  • For each CRITICAL/WARN: 
    checkId
    + 
    title
    + 1-line remediation
  • If deep probe fails: include the probe error line
  1. Deliver the report:
  • DM to the chosen user target using 
    message
    tool
创建任务时附带的负载消息需要指导隔离运行环境完成以下操作:
  1. 执行审计
优先使用JSON输出保证解析稳定性:
  • openclaw security audit --json
  • openclaw security audit --deep --json
  1. 渲染简洁的文本报告
包含以下内容:
  • 时间戳 + 主机标识(如果有)
  • 结果统计汇总
  • 每个严重/警告项:
    checkId
    + 
    标题
    + 1行修复建议
  • 如果深度探测失败:包含探测错误行
  1. 投递报告
  • 使用
    message
    工具向指定用户目标发送私信

Email delivery requirement

邮件投递要求

Attempt email delivery in this priority order:
A) If an email channel plugin exists in this deployment, use:
  • message(action="send", channel="email", target="target@example.com", message=<report>)
B) Otherwise, fallback to local sendmail if available:
  • exec
    with: 
    printf "%s" "$REPORT" | /usr/sbin/sendmail -t
    (construct To/Subject headers)
If neither path is possible, still DM the user and include a line:
  • "NOTE: could not deliver to target@example.com (email channel not configured)"
按照以下优先级尝试邮件投递:
A) 如果部署环境中存在邮件渠道插件,使用:
  • message(action="send", channel="email", target="target@example.com", message=<report>)
B) 否则,如果本地存在sendmail,回退到本地投递:
  • 执行
    exec
    命令:
    printf "%s" "$REPORT" | /usr/sbin/sendmail -t
    (构造收件人/主题头)
如果两种方式都不可用,仍会向用户发送私信,并添加一行提示:
  • "注意:无法投递到target@example.com(邮件渠道未配置)"

Idempotency / updates

幂等性/更新逻辑

Before adding a new job:
  • cron.list(includeDisabled=true)
  • If a job with name matching 
    "Daily security audit"
    exists, update it instead of adding a duplicate:
    • adjust schedule tz/expr
    • adjust DM target
添加新任务前:
  • 执行
    cron.list(includeDisabled=true)
  • 如果存在名称匹配
    "Daily security audit"
    的任务,更新现有任务,不要创建重复项:
    • 调整调度时区/表达式
    • 调整私信目标

Suggested naming

命名建议

  • Job name: 
    "Daily security audit (Prompt Security)"
  • 任务名称:
    "Daily security audit (Prompt Security)"

Minimal recommended defaults (do not auto-change config)

最小推荐默认值(不要自动修改配置)

The cron’s report should suggest fixes but must not apply them.
Do not run 
openclaw security audit --fix
unless explicitly asked.
cron生成的报告应该建议修复方案,但绝对不能自动执行修复。
除非用户明确要求,否则不要运行
openclaw security audit --fix
命令。