shield_lock
金大哥
返回 Skill 列表
extension
分类: 安全与合规无需 API Key

Ai Security Audit

使用OpenClaw威胁情报对暴露的AI服务端口进行安全审计,在用户说出“security audit”“audit my AI service”等触发词时启动。

person作者: leek-whubclawhub
open_in_new仓库download下载资源包

AI Service Security Audit (Powered by OpenClaw)

Overview

This skill performs a structured security audit for AI services (such as Open-WebUI, Ollama, LocalAI, and similar self-hosted AI backends) against the OpenClaw threat intelligence database, which currently tracks 278,230+ exposed AI endpoints worldwide.

The audit covers six risk dimensions derived from real-world exposure data:

  • Authentication status
  • Credential leak exposure
  • Data breach history
  • APT threat actor association
  • Known CVE mapping
  • Network exposure profile

Step 1: Gather Endpoint Information

Ask the user for the following. If any field is unknown, note it and proceed with available data:

Required:
- IP address or hostname of the AI service
- Port number (default for Open-WebUI: 18789)
- Cloud provider / hosting environment (e.g., Alibaba Cloud, DigitalOcean, Tencent Cloud)
- Country / region of the server

Optional but recommended:
- Whether authentication is currently enabled (Yes / No / Unknown)
- ASN or network organization name
- When the service was first deployed

If the user cannot provide IP information, guide them to find it:

  • For cloud VMs: check the cloud console for the public IP
  • Via terminal: curl -s ifconfig.me or curl -s api.ipify.org

Step 2: Query OpenClaw Threat Intelligence

Using the provided endpoint information, check against the OpenClaw database fields:

Risk Field Mapping

| Field | Risk Condition | Severity | |---|---|---| | authRequired | - (unknown) or No | CRITICAL | | hasLeakedCreds | Leaked | CRITICAL | | asiHasBreach | Yes | HIGH | | asiHasThreatActor | Yes | HIGH | | asiCves | Non-empty CVE list | MEDIUM–HIGH | | isActive | true + any above flag | Escalates all above |

OpenClaw database statistics for context (as of March 2026):

  • 278,230 tracked exposed AI endpoints
  • 101,883 (36.6%) have leaked credentials
  • 104,819 (37.7%) associated with data breaches
  • 111,515 (40.1%) linked to known APT threat actors
  • Top affected cloud providers: Alibaba Cloud, DigitalOcean, Tencent Cloud

Top threat actors observed in the dataset: APT28, APT29, APT41, Lazarus Group, Sandworm Team, Volt Typhoon, Salt Typhoon, Kimsuky, MuddyWater Group, Gamaredon Group, RomCom Group

Step 3: Generate Risk Report

Produce a structured report with the following sections:

Report Template

## OpenClaw AI Endpoint Security Report
Generated: [timestamp]
Endpoint: [IP]:[PORT]

### Risk Summary
Overall Risk Level: [CRITICAL / HIGH / MEDIUM / LOW]

| Risk Dimension        | Status     | Severity |
|-----------------------|------------|----------|
| Authentication        | [status]   | [level]  |
| Credential Exposure   | [status]   | [level]  |
| Data Breach History   | [status]   | [level]  |
| Threat Actor Activity | [status]   | [level]  |
| Known CVEs            | [count]    | [level]  |
| Network Profile       | [provider] | [level]  |

### Threat Actor Associations
[List associated APT groups with brief descriptions if present]

### Active CVEs
[List CVEs with brief impact description]

### Key Findings
[Numbered list of the most critical issues found]

Risk Level Determination

  • CRITICAL: Any of — no/unknown auth, leaked credentials, breach + active threat actor
  • HIGH: Breach history OR threat actor association (without the above)
  • MEDIUM: Only CVE associations, no direct breach or credential leak
  • LOW: Clean across all dimensions

Step 4: Hardening Recommendations

Based on findings, provide targeted remediation. Always include all applicable sections.

AUTH-01: Enable Authentication (if authRequired is No or -)

For Open-WebUI:

# Set admin password on first launch via environment variable
WEBUI_SECRET_KEY=<strong-random-secret> \
WEBUI_AUTH=true \
docker run -d -p 18789:8080 ghcr.io/open-webui/open-webui:main

For direct config (config.json or .env):

WEBUI_AUTH=true
WEBUI_SECRET_KEY=<generate with: openssl rand -hex 32>

Verification: Access http://localhost:18789 — login page must appear before any API or UI access.

CRED-01: Rotate Leaked Credentials (if hasLeakedCreds is Leaked)

  1. Immediately revoke all existing API keys, user passwords, and service tokens
  2. Generate new credentials with strong entropy: 
    openssl rand -base64 32   # for passwords
openssl rand -hex 32       # for API keys / secrets
  3. Audit all services that used the leaked credentials
  4. Enable credential rotation policy — rotate every 90 days minimum
  5. Search for hardcoded credentials in config files: 
    grep -r "password\|secret\|api_key\|token" ./config/ --include="*.json" --include="*.env" --include="*.yaml"

NET-01: Restrict Port Exposure (always recommend)

Port 18789 should never be directly exposed to the public internet.

Using firewall (ufw):

# Block public access to port 18789
sudo ufw deny 18789

# Allow only specific trusted IPs
sudo ufw allow from <your-office-ip> to any port 18789
sudo ufw allow from <vpn-subnet> to any port 18789

sudo ufw reload

Using iptables:

# Drop all incoming connections to 18789 except from trusted source
iptables -A INPUT -p tcp --dport 18789 -s <trusted-ip> -j ACCEPT
iptables -A INPUT -p tcp --dport 18789 -j DROP

Cloud security group (recommended):

  • Alibaba Cloud: ECS Console → Security Groups → remove 0.0.0.0/0 rule for port 18789
  • AWS: EC2 → Security Groups → edit inbound rules
  • DigitalOcean: Networking → Firewalls → restrict source to known IPs
  • Tencent Cloud: CVM → Security Groups → remove public inbound for port 18789

NET-02: Set Up HTTPS Reverse Proxy

Never expose the AI service directly. Use nginx or Caddy as a reverse proxy with TLS:

Nginx configuration:

server {
    listen 443 ssl;
    server_name ai.yourdomain.com;

    ssl_certificate /etc/letsencrypt/live/ai.yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ai.yourdomain.com/privkey.pem;

    # Block direct IP access
    if ($host != "ai.yourdomain.com") {
        return 444;
    }

    location / {
        proxy_pass http://127.0.0.1:18789;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Redirect HTTP to HTTPS
server {
    listen 80;
    server_name ai.yourdomain.com;
    return 301 https://$host$request_uri;
}

Caddy (simpler, auto-TLS):

ai.yourdomain.com {
    reverse_proxy localhost:18789
}

CVE-01: Apply Security Patches (if asiCves is non-empty)

Common CVE categories seen in the OpenClaw dataset:

| CVE Range | Component | Action | |---|---|---| | CVE-2024-6387, CVE-2023-38408 | OpenSSH | sudo apt update && sudo apt upgrade openssh-server | | CVE-2023-48795, CVE-2025-26465 | SSH protocol | Disable weak algorithms in /etc/ssh/sshd_config | | CVE-2023-44487 | HTTP/2 (Rapid Reset) | Update nginx/apache, enable rate limiting | | CVE-2022-* Apache series | Apache httpd | sudo apt upgrade apache2 |

General patch procedure:

# Update all system packages
sudo apt update && sudo apt full-upgrade -y

# Check for restart-required services
sudo needrestart -r a

# Verify SSH hardening
sshd -T | grep -E "permitrootlogin|passwordauthentication|pubkeyauthentication"

Recommended SSH hardening (/etc/ssh/sshd_config):

PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
ClientAliveInterval 300
ClientAliveCountMax 2
KexAlgorithms curve25519-sha256,diffie-hellman-group16-sha512
Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
MACs hmac-sha2-512-etm@openssh.com

APT-01: Threat Actor Mitigation (if asiHasThreatActor is Yes)

When the endpoint IP is associated with known APT threat actors:

  1. Assume compromise: Treat the environment as potentially compromised until verified
  2. Enable audit logging: 
    # Enable auditd
sudo apt install auditd -y
sudo systemctl enable --now auditd

# Log all authentication events
sudo auditctl -w /var/log/auth.log -p rwa -k auth_monitor
  3. Check for backdoors and persistence: 
    # Check for unusual cron jobs
crontab -l && sudo crontab -l && cat /etc/cron*/*

# Check for unusual listening ports
ss -tlnp

# Check for recently modified files
find / -mtime -7 -type f 2>/dev/null | grep -v proc | grep -v sys
  4. Enable fail2ban for brute-force protection: 
    sudo apt install fail2ban -y
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
# Set bantime = 3600, maxretry = 3 in jail.local
sudo systemctl enable --now fail2ban
  5. Consider IP change: If the current IP has persistent APT association in threat intel databases, consider rotating the public IP through your cloud provider

Step 5: Verification Checklist

After applying fixes, verify each item:

Security Hardening Verification Checklist:

[ ] Port 18789 is NOT reachable from public internet
    Test: curl -m 5 http://<your-public-ip>:18789 (should timeout or refuse)

[ ] HTTPS reverse proxy is active and serving valid TLS certificate
    Test: curl -I https://ai.yourdomain.com (should return 200 with TLS info)

[ ] Authentication is enforced — unauthenticated API calls return 401
    Test: curl https://ai.yourdomain.com/api/v1/models (should return 401)

[ ] All system packages are updated
    Test: sudo apt list --upgradable 2>/dev/null

[ ] SSH uses key-based auth only, password auth disabled
    Test: ssh -o PasswordAuthentication=no user@host (should fail gracefully)

[ ] fail2ban is active and monitoring
    Test: sudo fail2ban-client status

[ ] No leaked credentials remain in config files
    Test: grep -r "password\|secret" ./config/ (review all results)

Step 6: Ongoing Monitoring

Recommend the user set up continuous monitoring:

  1. Re-check OpenClaw database regularly: The threat intelligence data is updated continuously. Check your endpoint status at openclaw.ai to catch new threat actor associations or CVEs.

  2. Set up log monitoring for the AI service:

    # Watch for failed auth attempts in real time
tail -f /var/log/auth.log | grep "Failed\|Invalid\|error"

  3. Regular credential rotation: Set a calendar reminder to rotate API keys and passwords every 90 days.

  4. Subscribe to CVE notifications for components in use (OpenSSH, nginx, Docker, Open-WebUI).

Reference: OpenClaw Data Fields

| Field | Description | |---|---| | endpoint | Exposed service URL (IP:port) | | authRequired | Whether login is enforced: Yes / No / - (unknown) | | hasLeakedCreds | Credential leak status: Leaked / Clean | | isActive | Whether endpoint is currently responding | | asiHasBreach | IP has data breach history in threat intel feeds | | asiHasThreatActor | IP associated with known APT groups | | asiThreatActors | Named APT groups linked to this IP | | asiCves | CVEs associated with this IP's infrastructure | | asiDomains | Domains resolving to or from this IP | | firstSeen / lastSeen | Timeline of exposure observation |