Initial commit with translated description

2026-03-29 09:37:07 +08:00
commit ab6e61ccf2
3 changed files with 613 additions and 0 deletions

SKILL.md Normal file

@@ -0,0 +1,102 @@
---
name: security-audit
description: "Clawdbot部署的全面安全审计。扫描暴露的凭证、开放端口、弱配置和漏洞。包含自动修复模式。"
---
# Security Audit Skill
## When to use
Run a security audit to identify vulnerabilities in your Clawdbot setup before deployment or on a schedule. Use auto-fix to remediate common issues automatically.
## Setup
No external dependencies required. Uses native system tools where available.
## How to
### Quick audit (common issues)
```bash
node skills/security-audit/scripts/audit.cjs
```
### Full audit (comprehensive scan)
```bash
node skills/security-audit/scripts/audit.cjs --full
```
### Auto-fix common issues
```bash
node skills/security-audit/scripts/audit.cjs --fix
```
### Audit specific areas
```bash
node skills/security-audit/scripts/audit.cjs --credentials # Check for exposed API keys
node skills/security-audit/scripts/audit.cjs --ports # Scan for open ports
node skills/security-audit/scripts/audit.cjs --configs # Validate configuration
node skills/security-audit/scripts/audit.cjs --permissions # Check file permissions
node skills/security-audit/scripts/audit.cjs --docker # Docker security checks
```
### Generate report
```bash
node skills/security-audit/scripts/audit.cjs --full --json > audit-report.json
```
## Output
The audit produces a report with:
| Level | Description |
|-------|-------------|
| 🔴 CRITICAL | Immediate action required (exposed credentials) |
| 🟠 HIGH | Significant risk, fix soon |
| 🟡 MEDIUM | Moderate concern |
| 🟢 INFO | FYI, no action needed |
## Checks Performed
### Credentials
- API keys in environment files
- Tokens in command history
- Hardcoded secrets in code
- Weak password patterns
### Ports
- Unexpected open ports
- Services exposed to internet
- Missing firewall rules
### Configs
- Missing rate limiting
- Disabled authentication
- Default credentials
- Open CORS policies
### Files
- World-readable files
- Executable by anyone
- Sensitive files in public dirs
### Docker
- Privileged containers
- Missing resource limits
- Root user in container
## Auto-Fix
The `--fix` option automatically:
- Sets restrictive file permissions (600 on .env)
- Secures sensitive configuration files
- Creates .gitignore if missing
- Enables basic security headers
## Related skills
- `security-monitor` - Real-time monitoring (available separately)
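Review bot: the `## Auto-Fix` section does not say which files `--fix` rewrites, whether originals are backed up, or whether a dry-run mode exists, and `- Enables basic security headers` is ambiguous next to fixes that are plain filesystem changes (`600 on .env`, `Creates .gitignore if missing`); please list the exact paths and configuration keys each fix touches so an operator can review the changes before running it on a production host. Two related documentation gaps: `### Generate report` pipes `--full --json` into `audit-report.json`, and since the credential checks read environment files and command history, the text should state whether findings are redacted in the JSON and that the report itself must be kept out of version control and world-readable directories; and because `## When to use` recommends running the audit before deployment, documenting the script's exit code (for example non-zero when any CRITICAL finding exists) would let it gate a deploy pipeline instead of only producing a report.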