by 安全扫描
OpenClaw
安全
medium confidenceNULL
评估建议
This SKILL.md is coherent for hardening but it operates with root privileges and suggests enabling a persistent root-run service. Before applying: (1) Confirm you have working SSH key access so you don't lock yourself out, and test in a staging instance first. (2) Manually review the systemd service file (the skill creates /etc/systemd/system/openclaw-gateway.service) and verify the openclaw binary path and contents; prefer running the service as a dedicated non-root user if possible. (3) Do not...详细分析 ▾
✓ 用途与能力
The name/description (host hardening for OpenClaw) matches the actions in SKILL.md: SSH key-only auth, UFW rules, fail2ban installation, credential permission tightening, and an optional OpenClaw gateway service. Nothing requested is unrelated to host hardening.
ℹ 指令范围
Instructions explicitly modify system-wide config (sshd_config, UFW, install packages, chmod credential file) which is expected for hardening. The document warns to confirm before running commands. However it also instructs creating/enabling a systemd service that runs as root without checking whether the referenced 'openclaw' binary exists or is trusted — this increases risk and should be reviewed line-by-line before enabling.
✓ 安装机制
This is an instruction-only skill with no install spec and no code files, so nothing is downloaded or written by an install step. That lowers installer-side risk.
✓ 凭证需求
The skill requests no environment variables or external credentials. It does touch ~/.openclaw/credentials (chmod 700), which is directly relevant to the stated purpose. No unrelated secrets or services are requested.
⚠ 持久化与权限
While the skill itself is not always-enabled, it recommends creating and enabling a persistent systemd service that runs as root and restarts automatically. Enabling such a service grants long-term execution privilege; verify the service binary, consider running it under a less-privileged user, and only enable after confirming the binary and behavior.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.52026/2/26
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install host-hardening
镜像加速npx clawhub@latest install host-hardening --registry https://cn.longxiaskill.com