Before you run any skill with file access, this auditor walks you through five questions about your workspace, host agent, permission defaults, sandbox setup, and exposed ports. It scans for leaked credentials in .env files, SSH keys, and cloud config, then checks your AGENTS.md and permission model against least-privilege defaults. The output is a READY/RISKY/NOT_READY verdict with a fix checklist and optional Docker sandbox profiles. It is most useful when setting up a new OpenClaw host or after you suspect something sketchy happened. The wizard format keeps it from being overwhelming, but you still need to actually rotate any keys it finds.
npx skills add https://github.com/useai-pro/openclaw-skills-security --skill setup-auditor