
Openclaw Audit Watchdog
Run scheduled OpenClaw/ClawHub security audits with rendered reports and verify signed release archives before trusting a skill install.
Overview
openclaw-audit-watchdog is an agent skill used mainly in the Ship phase (and in Operate, for monitoring) that schedules OpenClaw audits, renders reports, and documents signed release verification for skill archives.
Install
npx skills add https://github.com/prompt-security/clawsec --skill openclaw-audit-watchdog
What is this skill?
- Automated audit runs with cron setup via setup_cron.mjs and report delivery pipeline
- render_report.mjs with load_suppression_config.mjs for configurable finding suppression
- Signed standalone install verification: checksums.json, checksums.sig, signing-public.pem, and SKILL.md/skill.json hash
- Release SBOM metadata in skill.json so published archives include required script helpers
- Changelog-tracked security hardening without changing core audit behavior between patch releases
- Explicit signed-release verification flow documented in 0.1.5 security release
- skill.json SBOM lists load_suppression_config.mjs for complete release archives (0.1.6)
Adoption & trust: 633 installs on skills.sh; 1k GitHub stars; 2/3 security scanners passed (skills.sh audits).
What problem does it solve?
You ship or install OpenClaw skills but lack a repeatable audit loop and cannot confidently verify that downloaded skill archives match signed checksums.
Who is it for?
Solo builders maintaining ClawHub-published skills or running OpenClaw in production who want watchdog audits plus explicit signed-release verification steps.
Skip if: Teams that only need one-off linting with no OpenClaw/ClawHub context, or builders unwilling to run local Node scripts and cron on their machine or server.
When should I use this skill?
You publish or install OpenClaw/ClawHub skills and need scheduled audits, report rendering, or standalone signed artifact verification.
What do I get? / Deliverables
You get cron-backed audit runs, suppression-aware reports, and a documented path to validate checksums and signatures before running third-party skill code.
- Cron-configured audit watchdog schedule
- Rendered audit report with suppression rules applied
- Documented pass/fail steps for signed archive and SKILL.md integrity
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
The skill centers on audit execution, suppression-aware reporting, and release integrity checks—work you do before and after shipping agent skills. Watchdog audits and signed-artifact verification map directly to the Ship security subphase for supply-chain and config hygiene.
Where it fits
Before promoting a ClawHub skill release, verify archive hash, checksums.sig, and SKILL.md hashes against the signing public key.
Run the packaged audit flow and read a rendered report with suppressions applied to focus on unresolved findings.
Keep a cron-driven watchdog auditing your OpenClaw environment after launch so regressions surface without manual prompts.
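As an added illustration of the verification step above (not code from the project; the manifest layout, the key type and every file name not on the page are assumptions), a POSIX shell check that refuses a release unless checksums.sig verifies under the pinned signing-public.pem and the archive, SKILL.md and skill.json all match the signed hashes:

```shell
# Assumed layout (not taken from the project): checksums.json maps each artifact
# name to its lowercase sha256 hex, one "name": "hash" entry per line (no "/" in
# names); checksums.sig is an ECDSA/RSA SHA-256 signature over checksums.json;
# signing-public.pem is the maintainer's public key, obtained and pinned out of band.

# verify_release DIR: returns 0 only if checksums.sig verifies under the pinned
# key AND every artifact listed in the signed manifest matches its hash.
verify_release() {
  dir=$1
  # Step 1: trust nothing in the manifest until its signature checks out.
  if ! openssl dgst -sha256 -verify "$dir/signing-public.pem" \
       -signature "$dir/checksums.sig" "$dir/checksums.json" >/dev/null 2>&1; then
    echo "FAIL: checksums.sig does not verify against signing-public.pem" >&2
    return 1
  fi
  # Step 2: archive, SKILL.md and skill.json must all match the signed hashes.
  bad=0
  for name in $(sed -n 's/^[[:space:]]*"\([^"]*\)"[[:space:]]*:.*/\1/p' "$dir/checksums.json"); do
    expected=$(sed -n "s/^[[:space:]]*\"$name\"[[:space:]]*:[[:space:]]*\"\([0-9a-f]*\)\".*/\1/p" "$dir/checksums.json")
    actual=$(openssl dgst -sha256 -r "$dir/$name" 2>/dev/null | awk '{print $1}')
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
      echo "FAIL: $name is missing or does not match the signed checksum" >&2
      bad=1
    fi
  done
  return "$bad"
}

# make_fixture DIR: constructs a throwaway release (artifacts, manifest, key pair,
# signature) so the check above can be exercised offline; demo data only.
make_fixture() {
  dir=$1
  mkdir -p "$dir"
  printf '# demo skill\n' > "$dir/SKILL.md"
  printf '{"name":"demo","version":"0.0.0"}\n' > "$dir/skill.json"
  tar -cf "$dir/demo-skill.tar" -C "$dir" SKILL.md skill.json
  {
    echo '{'
    for f in demo-skill.tar SKILL.md skill.json; do
      h=$(openssl dgst -sha256 -r "$dir/$f" | awk '{print $1}')
      [ "$f" = skill.json ] && sep='' || sep=','
      printf '  "%s": "%s"%s\n' "$f" "$h" "$sep"
    done
    echo '}'
  } > "$dir/checksums.json"
  openssl ecparam -name prime256v1 -genkey -noout -out "$dir/signing-private.pem"
  openssl ec -in "$dir/signing-private.pem" -pubout -out "$dir/signing-public.pem" 2>/dev/null
  openssl dgst -sha256 -sign "$dir/signing-private.pem" -out "$dir/checksums.sig" "$dir/checksums.json"
}
```

On a real download, run verify_release against the directory holding the five files; make_fixture exists only to exercise the check on constructed data, and a release whose manifest was edited after signing fails at step 1 before any hash is compared.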
How it compares
Supply-chain watchdog and audit runner for OpenClaw skill packages—not a generic SAST SaaS or an MCP statistics connector.
Common Questions / FAQ
Who is openclaw-audit-watchdog for?
It is for indie and solo operators who distribute or install OpenClaw agent skills and need ongoing audits plus integrity checks on release artifacts.
When should I use openclaw-audit-watchdog?
Use it in Ship before trusting a new skill version (verify signatures and checksums) and in Operate when you want scheduled audits and rendered reports on an existing OpenClaw setup.
Is openclaw-audit-watchdog safe to install?
Check the Security Audits panel on this Prism page; the skill includes audit and cron scripts that touch your filesystem—treat it like security tooling and review sources before enabling automation.
SKILL.md
# Exclude local caches and build outputs from ClawHub upload
.DS_Store
.git/
__pycache__/
*.pyc
*.pyo
*.egg-info/
dist/
build/
.env
.venv/
.cache/
# Exclude local test harness files from published payloads.
test/

# Changelog

All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [0.1.6] - 2026-05-16

### Fixed

- Added `scripts/load_suppression_config.mjs` to `skill.json` SBOM metadata so release archives include the helper imported by `scripts/render_report.mjs`.

## [0.1.5] - 2026-05-14

### Security

- Added explicit signed release artifact verification instructions for standalone installs, including `checksums.json`, `checksums.sig`, `signing-public.pem`, archive hash verification, and `SKILL.md`/`skill.json` checksum checks.

## [0.1.4] - 2026-04-17

### Changed

- Re-released metadata and docs updates under a new version after detecting that `0.1.3` was already present in ClawHub with older artifact content.
- No runtime behavior changes to audit execution, cron setup, or report delivery logic.

## [0.1.3] - 2026-04-16

### Changed

- `scripts/setup_cron.mjs` keeps the same cron setup behavior while removing direct `spawnSync(` call tokens that triggered static moderation false positives.
- Test harness process launch calls now use local aliases, preserving test behavior while avoiding false-positive `dangerous_exec` signatures.
- Frontmatter metadata now declares runtime requirements directly under `metadata.openclaw.requires` (`bins` + required `env`) so published manifest metadata aligns with the skill's documented/runtime behavior.
- Added explicit `metadata.openclaw.envVars` declarations for DM/email delivery variables used by the scheduled workflow.
- Removed `curl` from required runtime bins in the manifest metadata; it remains an installation-flow helper, not a runtime requirement.

### Security

- Added a skill-local `.clawhubignore` that excludes `test/` from publish payloads.
- This prevents moderation from scanning non-runtime test harness files that previously generated `suspicious.dangerous_exec` findings.

## [0.1.2] - 2026-04-14

### Added

- Registry/runtime metadata now declares the actual required runtimes (`openclaw`, `node`) plus the DM/email environment variables and operator review notes.
- `scripts/setup_cron.mjs` now prints a preflight review summarizing recipients, persistence, and required runtime before creating or updating the cron job.
- Coverage for cron setup disclosure behavior (`test/setup_cron.test.mjs`) and case-insensitive suppression matching regression.

### Changed

- Email delivery is now explicit and opt-in: `scripts/runner.sh` only attempts email delivery when `PROMPTSEC_EMAIL_TO` is configured.
- `scripts/setup_cron.mjs` now carries configured runtime/delivery environment variables into the cron payload so the scheduled job is more self-describing and less dependent on ambient host state.
- Suppression matching in `scripts/render_report.mjs` is now case-insensitive for skill names, matching the documented behavior and normalized config loader.
- Documentation now consistently refers to the current OpenClaw product name.

### Security

- Removed the placeholder email recipient from the default cron payload to avoid implicitly sending audit output to an unreviewed address.
- Cron setup now surfaces the unattended delivery model before enabling persistence, making external recipients and runtime assumptions explicit to the operator.

## [0.1.1]

### Added

- Contributor credit: portability and path-hardening improvements in this release were contributed by [@aldodelgado](https://github.com/aldodelgado) in PR #62.
- Cross-shell home-path expansion support in watchdog path inputs (`~`, `$HOME`, `${HOME}`, `%USERPROFILE%`, `$env:HOME`).
- Regression coverage for suppression-config home-token expan