Skip to main content
openclaw security audit emits structured findings keyed by checkId. This page is the reference catalog for those IDs. For the high-level threat model and hardening guidance, see Security. Some checks only run with openclaw security audit --deep: plugin/skill code scans (plugins.code_safety*, skills.code_safety*) and live Gateway probe checks (gateway.probe_*). Everything else in this table runs on a plain openclaw security audit. A severity like warn/critical means the same checkId can be emitted at either level depending on config (for example, whether the Gateway is remotely exposed). High-signal values you will most likely see in real deployments (not exhaustive): channels.<provider>.* and tools.elevated.allowFrom.<provider>.* checkIds are generated per configured channel/provider, so <provider> is a real channel id (for example telegram, discord) in actual output, not a literal string.