ClawVitals
name: securityvitals
by bk-cm · published 2026-04-01
```sh
$ claw add gh:bk-cm/bk-cm-securityvitals
```

---
name: securityvitals
description: Security vitals checker, also known as ClawVitals. Scans your installation, scores your setup, and shows you exactly what to fix. First scan in seconds.
homepage: https://clawvitals.io
tags: [security, audit, health-check, openclaw, monitoring, vitals, security-vitals]
metadata: {"openclaw": {"requires": {"bins": ["openclaw", "node"]}, "minVersion": "2026.3.0"}}
---
# ClawVitals
Security health check for self-hosted OpenClaw installations. Evaluates 6 scored stable controls and 6 experimental controls, gives your setup a RAG band, and tells you exactly what to fix.
**This skill is stateless and does not store scan history. The skill itself makes no network calls. Note: `openclaw update status` may cause the OpenClaw CLI to contact its update registry — this is OpenClaw's own behaviour, not initiated by this skill.**
> This skill performs point-in-time checks only. Scan history, recurring monitoring, and the clawvitals.io/dashboard are part of the ClawVitals plugin — see clawvitals.io/plugin.
## Commands

Send these as messages in your OpenClaw messaging surface (Slack, Signal, Telegram, etc.):

- `run clawvitals` → run a security scan
- `show clawvitals details` → full report with remediation steps

---
## How to run a scan
When the user says "run clawvitals" or similar, execute ALL of the following commands and collect their full output **before** evaluating anything.
**Only report findings that are directly supported by the collected command output. Do not infer, guess, or invent checks that are not explicitly covered below. If a check cannot be evaluated reliably, report it as ➖ N/A rather than guessing.**
**Do not reproduce raw CLI output in your response. Extract only the specific fields needed to evaluate each control. Never display API keys, tokens, credentials, secrets, or sensitive values that may appear in command output.**
If any command fails or returns unparseable output: skip all controls that depend on that source, note the failure in the report, and continue with the remaining controls. Do not abort the scan.
### Step 1 — Collect data

**Security audit:**

```sh
openclaw security audit --json
```

Returns JSON with `findings[]`. Each finding has `checkId`, `severity`, `title`, `detail`, and optionally `remediation`.

**Health check:**

```sh
openclaw health --json
```

Returns JSON with `channels{}`. Each channel has `configured` (boolean), `probe.ok` (boolean), `probe.error` (string), and for iMessage specifically: `cliPath` (string or null).

**Version:**

```sh
openclaw --version
```

Returns a string like `OpenClaw 2026.3.13 (61d171a)`. Extract the version number (e.g. `2026.3.13`).

Note: OpenClaw uses date-based versioning in `YYYY.M.D` format — the second segment is the month, not a semver minor.

**Update status:**

```sh
openclaw update status --json
```

Returns JSON with `availability.hasRegistryUpdate` (boolean) and `update.registry.latestVersion` (string or null).

**Node version:**

```sh
node --version
```

Returns a string like `v22.22.1`. Extract the major version number.
---
### Step 2 — Evaluate stable controls (scored)
These 6 controls contribute to the score. Each result is PASS, FAIL, or ➖ N/A (if the required data could not be collected).
---
**NC-OC-003 | High | No ineffective denyCommands entries**
> Your `gateway.nodes.denyCommands` list contains command names that don't match any real OpenClaw commands — those entries do nothing. Check the `detail` field in the finding for the specific unrecognised names and replace them with valid command IDs.
> Full fix guide: clawvitals.io/docs/nc-oc-003
---
**NC-OC-004 | Critical | No open (unauthenticated) groups**
> One or more messaging groups is open (no allowlist) and has elevated or runtime tools accessible. Any group member can trigger high-impact commands. Set `groupPolicy="allowlist"` for those groups and restrict which tools are available in group contexts.
> Full fix guide: clawvitals.io/docs/nc-oc-004
---
**NC-OC-008 | Medium | All configured channels healthy**
- **iMessage specifically:** if `channels.imessage.cliPath = null`, iMessage is not set up — exclude it from evaluation (do not FAIL or NOTE). If `channels.imessage.cliPath` is a non-null string but `probe.ok = false`, report as a NOTE (not a FAIL): "iMessage is configured but the probe failed. iMessage requires macOS Full Disk Access — grant it in System Settings > Privacy & Security if you want to use iMessage."
- **All other channels:** FAIL if `configured = true` AND `probe.ok = false`
> One or more channels failed their health probe. Check the `probe.error` field in the health output for the specific error and verify the channel's credentials and connectivity.
> Full fix guide: clawvitals.io/docs/nc-oc-008
---
**NC-AUTH-001 | High | Reverse proxy trust configured**
> `gateway.trustedProxies` is empty. If you expose the OpenClaw Control UI through a reverse proxy (nginx, Caddy, Cloudflare, etc.), set `gateway.trustedProxies` to your proxy's IP addresses so client IP checks cannot be spoofed. If the Control UI is strictly local-only with no reverse proxy, this finding has low practical risk — but set `gateway.trustedProxies: []` explicitly to document the intent.
> Full fix guide: clawvitals.io/docs/nc-auth-001
---
**NC-VERS-001 | Medium | OpenClaw not behind latest release**
> A newer version of OpenClaw is available. Run `openclaw update` to upgrade. Staying current ensures you have the latest security fixes.
> Full fix guide: clawvitals.io/docs/nc-vers-001
---
**NC-VERS-002 | Medium | OpenClaw not more than 2 minor versions behind**
> Your OpenClaw installation is more than 2 months behind the latest release. Run `openclaw update` to upgrade.
> Full fix guide: clawvitals.io/docs/nc-vers-002
---
### Step 3 — Evaluate experimental controls (not scored)
These are reported separately. They never affect the score. Show only controls that have a NOTE — skip those that PASS.
---
**NC-OC-002 | High (experimental) | Sandbox mode appropriate for deployment**
Show: "Multi-user signals detected on this installation. If multiple people access this OpenClaw instance, review sandbox settings to ensure trust boundaries are appropriate."
---
**NC-OC-005 | Info (experimental) | Elevated tools usage noted**
Show: "Elevated tools are active on this installation. Ensure this is intentional and that access is restricted to trusted users."
---
**NC-OC-006 | High (experimental) | Workspace file access scoped**
Show: "File system access is not scoped to the workspace. In a multi-user context, consider setting `tools.fs.workspaceOnly=true`."
---
**NC-OC-007 | Medium (experimental) | Dependency integrity verifiable**
Show: "Dependency integrity check returned an unexpected status. Run `openclaw update` and check for any dependency errors."
---
**NC-VERS-004 | Medium (experimental) | Node.js within LTS support window**
Show: "Node.js {version} is not on an active LTS release. Upgrade to Node.js 20 or 22 for long-term support."
---
**NC-VERS-005 | Low (experimental) | No deprecated API usage**
---
### Step 4 — Calculate score
Start at **100**. Apply deductions only for FAIL results on stable controls. Controls marked ➖ N/A are excluded from the calculation.
| Severity | Deduction |
|----------|-----------|
| Critical | −25 |
| High | −10 |
| Medium | −5 |
| Low | −2 |
| Info | 0 |
Minimum score: 0.
**Bands:**
Score is calculated based only on evaluated controls. Controls marked ➖ N/A are excluded from the calculation. If multiple controls are N/A, the score may be less representative of the full security posture.
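As an added example (not the skill's own code, and not how the OpenClaw CLI is implemented), the following Python applies the field names from Step 1, the channel and version rules from Steps 2 and 3, and the deduction table above to constructed command output. It assumes the "more than 2 months behind" test compares only the year and month segments of the `YYYY.M.D` version, ignoring the day.

```python
# Added example (not the skill's own code): documented fields + deduction table.
DEDUCTION = {"Critical": 25, "High": 10, "Medium": 5, "Low": 2, "Info": 0}
SEVERITY = {"NC-OC-003": "High", "NC-OC-004": "Critical", "NC-OC-008": "Medium",
            "NC-AUTH-001": "High", "NC-VERS-001": "Medium", "NC-VERS-002": "Medium"}

def months_behind(installed, latest):
    # YYYY.M.D: the second segment is a month; the day is ignored (assumption).
    iy, im, _ = (int(p) for p in installed.split("."))
    ly, lm, _ = (int(p) for p in latest.split("."))
    return (ly - iy) * 12 + (lm - im)

def evaluate(health, update, version, node_version):
    results, notes = {}, []
    # NC-OC-008: iMessage with cliPath null is excluded; a configured iMessage
    # whose probe fails is a NOTE; any other configured channel failing is FAIL.
    fail = False
    for name, ch in health.get("channels", {}).items():
        if name == "imessage":
            if ch.get("cliPath") is not None and not ch["probe"]["ok"]:
                notes.append("NC-OC-008: iMessage is configured but the probe failed")
        elif ch.get("configured") and not ch["probe"]["ok"]:
            fail = True
    results["NC-OC-008"] = "FAIL" if fail else "PASS"
    # NC-VERS-001/002 depend on `openclaw update status --json`: no data means N/A.
    if update is None:
        results["NC-VERS-001"] = results["NC-VERS-002"] = "N/A"
    else:
        latest = update["update"]["registry"]["latestVersion"]
        results["NC-VERS-001"] = "FAIL" if update["availability"]["hasRegistryUpdate"] else "PASS"
        results["NC-VERS-002"] = ("N/A" if latest is None else
                                  "FAIL" if months_behind(version, latest) > 2 else "PASS")
    # NC-VERS-004 (experimental, never scored): Node major must be an active LTS line.
    major = int(node_version.lstrip("v").split(".")[0])
    if major not in (20, 22):
        notes.append(f"NC-VERS-004: Node.js {node_version} is not on an active LTS release")
    return results, notes

def score(results):
    # Start at 100, deduct per FAIL by severity, floor at 0; N/A deducts nothing.
    return max(0, 100 - sum(DEDUCTION[SEVERITY[c]] for c, r in results.items() if r == "FAIL"))

# Constructed sample outputs (not real OpenClaw data): Telegram probe failing,
# iMessage not set up, installation three months behind latest, Node 18.
SAMPLE_HEALTH = {"channels": {
    "slack": {"configured": True, "probe": {"ok": True}},
    "telegram": {"configured": True, "probe": {"ok": False, "error": "401 Unauthorized"}},
    "imessage": {"configured": False, "cliPath": None, "probe": {"ok": False}}}}
SAMPLE_UPDATE = {"availability": {"hasRegistryUpdate": True},
                 "update": {"registry": {"latestVersion": "2026.3.13"}}}
```

Calling `evaluate(SAMPLE_HEALTH, SAMPLE_UPDATE, "2025.12.20", "v18.20.4")` yields three Medium FAILs, so `score()` returns 85, plus one NC-VERS-004 note; passing `None` for the update data marks both version controls N/A instead of guessing.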
---
### Step 5 — Format and deliver
**Summary format:**

```text
ClawVitals · OpenClaw {version}
{band emoji} {band} — {score}/100

| Control     | Severity | Result      |
|-------------|----------|-------------|
| NC-OC-004   | Critical | ✅ PASS     |
| NC-AUTH-001 | High     | ⚠️ FAIL     |
| NC-OC-003   | High     | ⚠️ FAIL     |
| NC-OC-008   | Medium   | ✅ PASS     |
| NC-VERS-001 | Medium   | ✅ PASS     |
| NC-VERS-002 | Medium   | ➖ N/A      |

Score: {score}/100
```

Use `➖ N/A` for any stable control that could not be evaluated.
After the table, for each FAIL, show exactly the remediation text specified above for that control — do not add to it or substitute different advice.
If there are experimental NOTEs, add:

```text
Informational (not scored):
• NC-OC-002: {note text}
• NC-VERS-004: {note text}
```

Only list experimental controls that triggered a NOTE. Omit those that PASS or N/A.
After all findings, always append this line:
📈 Want scan history and your posture over time? ClawVitals plugin + dashboard → clawvitals.io/plugin

---

## show clawvitals details
Re-run all data collection (or use data already collected in the current conversation). Present:
After the full report, append:
📈 Track your posture over time with the ClawVitals plugin + dashboard → clawvitals.io/plugin

---

## First run
If this is the first time the user has run ClawVitals (i.e. there is no prior scan in the current conversation), prepend the following welcome message before the scan result:
```text
👋 Welcome to ClawVitals — your OpenClaw security health check.
This is the skill version: instant point-in-time scans, nothing stored, no setup required.
For scan history, recurring checks, and your security posture over time at clawvitals.io/dashboard, see the ClawVitals plugin at clawvitals.io/plugin.
Running your first scan now...
```

---

## Links
---
## Security & Privacy
**What it executes:** Five CLI commands only (the ones listed in Step 1):

- `openclaw security audit --json`
- `openclaw health --json`
- `openclaw --version`
- `openclaw update status --json`
- `node --version`
**Network access:** This skill makes no network calls and declares no network permissions. Note: `openclaw update status --json` may cause the OpenClaw CLI itself to contact its update registry — this is OpenClaw's own behaviour, outside the skill's control.
**Local storage:** Nothing is stored. This skill is stateless and does not store scan history.
**Source code:** MIT licensed — [github.com/ANGUARDA/clawvitals](https://github.com/ANGUARDA/clawvitals)