Smithery Logo
MCPsSkillsDocsPricing
Login
NewFlame, an assistant that learns and improves. Available onTelegramSlack
    openclaw

    healthcheck

    openclaw/healthcheck
    Security
    178,203

    About

    SKILL.md

    Install

    • Telegram
      Telegram
    • Slack
      Slack
    • Claude Code
      Claude Code
    • Codex
      Codex
    • OpenClaw
      OpenClaw
    • Cursor
      Cursor
    • Amp
      Amp
    • GitHub Copilot
      GitHub Copilot
    • Gemini CLI
      Gemini CLI
    • Kilo Code
      Kilo Code
    • Junie
      Junie
    • Replit
      Replit
    • Windsurf
      Windsurf
    • Cline
      Cline
    • Continue
      Continue
    • OpenCode
      OpenCode
    • OpenHands
      OpenHands
    • Roo Code
      Roo Code
    • Augment
      Augment
    • Goose
      Goose
    • Trae
      Trae
    • Zencoder
      Zencoder
    • Antigravity
      Antigravity
    • Download skill
    ├─
    ├─
    └─
    Smithery Logo

    Give agents more agency

    Resources

    DocumentationPrivacy PolicySystem Status

    Company

    PricingAboutBlog

    Connect

    © 2026 Smithery. All rights reserved.

    About

    Host security hardening and risk-tolerance configuration for OpenClaw deployments...

    SKILL.md

    OpenClaw host healthcheck

    Goal: assess host risk, run read-only checks, then propose staged hardening without breaking access.

    Rules

    • Ask before state-changing actions.
    • Do not change SSH/firewall/remote access until access path is confirmed.
    • Prefer reversible steps and rollback notes.
    • Never claim OpenClaw manages OS firewall, SSH, or updates.
    • If identity/role unknown, recommend only.
    • User choices: numbered list.
    • Never print secrets.

    Context to infer first

    • OS/version, container vs host.
    • Privilege level.
    • Access path: local, SSH, RDP, tailnet.
    • Network exposure: public IP, reverse proxy, tunnel, LAN only.
    • OpenClaw gateway status, bind, auth.
    • Backup status.
    • Disk encryption.
    • Automatic security updates.
    • Usage mode: personal workstation, local assistant box, remote server, other.

    Ask only for missing facts. Simple phrasing preferred.

    Read-only checks

    Ask once for permission to run read-only checks. Then run relevant commands.

    Common:

    openclaw security audit --deep
    openclaw gateway status --deep
    openclaw doctor
    

    macOS:

    sw_vers
    lsof -nP -iTCP -sTCP:LISTEN
    /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate
    pfctl -s info
    tmutil status
    fdesetup status
    softwareupdate --schedule
    

    Linux:

    cat /etc/os-release
    ss -ltnup || ss -ltnp
    ufw status || firewall-cmd --state || nft list ruleset
    systemctl status ssh sshd
    lsblk -f
    

    Windows:

    systeminfo
    Get-NetFirewallProfile
    Get-BitLockerVolume
    

    Risk profile

    After context is known, ask desired posture:

    1. Convenience: local/private, minimal prompts.
    2. Balanced: secure defaults, low friction.
    3. Strict: remote/public/sensitive data, more lock-down.

    Report shape

    • Current posture: one paragraph.
    • Findings: severity + evidence + why it matters.
    • Recommended plan: staged, reversible.
    • Commands: read-only first; write actions only after approval.
    • Gaps: what could not be checked.

    Hardening menu

    Offer only relevant items:

    • Bind gateway to loopback/LAN/tailnet intentionally.
    • Require auth for remote access.
    • Close public ports or restrict by firewall.
    • Enable OS security updates.
    • Enable disk encryption.
    • Verify backups and restore path.
    • Disable password SSH or require keys/MFA where appropriate.
    • Add scheduled openclaw security audit --deep.

    Confirm exact action before applying.

    Recommended Servers
    Hostsmith
    Hostsmith
    Netlify
    Netlify
    HemmaBo
    HemmaBo
    Repository
    openclaw/openclaw
    Files