🐾 Feral Audit

Comprehensive macOS security audit for AI agent infrastructure.

Your Mac runs AI agents, manages API keys, and serves as the control plane for powerful tools. But how secure is it, really?

Feral Audit tells you — with a letter grade.

  ╔═══════════════════════════════════════════╗
  ║          🐾  FERAL AUDIT  v0.1.0          ║
  ║     Comprehensive macOS Security Audit    ║
  ║            by Feral Labs                  ║
  ╚═══════════════════════════════════════════╝

  ✅ OpenClaw Configuration: B
  ✅ macOS Hardening: A-
  ✅ Network Security: A
  ✅ Dependency Security: A-
  ✅ Credentials Hygiene: C+

  ══════════════════════════════════════════════
    OVERALL GRADE: B+
  ══════════════════════════════════════════════
    ✗ 1 failure  ⚠ 5 warnings  ✓ 18 passed  (38 total checks)

Quick Start

# Install
curl -fsSL https://raw.githubusercontent.com/siraustin/feral-audit/main/install.sh | bash

# Run
feral-audit

Or clone and run directly:

git clone https://github.com/siraustin/feral-audit.git
cd feral-audit
./feral-audit

What It Checks

1. OpenClaw Configuration

Goes beyond openclaw audit — checks auth token strength, hook security (sessionKey overrides, IP allowlists), browser control auth, SSRF protections, and state directory permissions.

2. macOS Hardening

  • FileVault disk encryption
  • System Integrity Protection (SIP)
  • Application Firewall & stealth mode
  • Gatekeeper (app notarization)
  • Automatic security updates
  • Screen lock settings
  • Remote access services (SSH, Screen Sharing, ARD)
  • AirDrop discoverability

3. Network Security

  • Open port scan — what's listening and where
  • Tailscale VPN status & peer count
  • Services exposed outside the tunnel
  • SSH key audit: age, permissions, key type strength
  • WiFi security protocol

4. Dependency Security

  • npm audit on OpenClaw installation
  • Outdated Homebrew packages (flags security-critical ones)
  • Python package vulnerability check
  • Node.js and Python version currency

5. Credentials Hygiene

  • World-readable credential files (.env, .aws/credentials, .npmrc, etc.)
  • Secrets in environment variables vs. Keychain
  • Shell history secret leaks
  • Git credential storage method
  • .env file permissions
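The world-readable credential file check from the Credentials Hygiene category, written as an added stdlib-only Python example (not the project's own credentials_audit.py); the file list, the finding format and the constructed sample home directory are assumptions.

```python
from __future__ import annotations

import stat
import tempfile
from pathlib import Path

# Credential files to inspect, relative to the home directory. This list is
# an assumption for the example, not the project's own configuration.
CREDENTIAL_FILES = [".env", ".aws/credentials", ".npmrc", ".netrc", ".git-credentials"]


def file_finding(path: str | Path) -> dict | None:
    """Return a finding if `path` exists and is readable beyond its owner, else None."""
    path = Path(path)
    try:
        st = path.lstat()  # lstat: do not follow symlinks, we want to flag them
    except FileNotFoundError:
        return None
    if stat.S_ISLNK(st.st_mode):
        return {"path": str(path), "severity": "warn",
                "reason": "credential file is a symlink; verify its target",
                "fix": f"ls -l {path}"}
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        who = "world" if mode & stat.S_IROTH else "group"
        return {"path": str(path), "severity": "fail",
                "reason": f"{who}-readable (mode {mode:04o})",
                "fix": f"chmod 600 {path}"}
    return None


def audit_credential_files(home: str | Path) -> list[dict]:
    """Run file_finding over every candidate path under `home`; findings only."""
    findings = (file_finding(Path(home) / rel) for rel in CREDENTIAL_FILES)
    return [f for f in findings if f is not None]


def demo() -> list[dict]:
    """Build a throwaway home dir with one exposed and one locked-down file (constructed data)."""
    home = Path(tempfile.mkdtemp())
    (home / ".aws").mkdir()
    exposed = home / ".env"
    exposed.write_text("OPENAI_API_KEY=sk-constructed-example-value\n")
    exposed.chmod(0o644)  # the classic mistake: readable by every local user
    locked = home / ".aws" / "credentials"
    locked.write_text("[default]\naws_access_key_id = CONSTRUCTED\n")
    locked.chmod(0o600)
    return audit_credential_files(home)


if __name__ == "__main__":
    for f in demo():
        print(f"{f['severity'].upper():4} {f['path']}: {f['reason']} -> {f['fix']}")
```

Running the block reports only the 0644 `.env` file with a `chmod 600` remediation; the 0600 AWS credentials file and the absent files produce no finding.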

Output Formats

# Terminal (default) — colored report with grades
feral-audit

# JSON — machine-readable for fleet aggregation
feral-audit --json

# HTML — dark-themed report for sharing
feral-audit --html -o audit-report.html

# Single category
feral-audit --category macos

# Deep checks (may prompt for sudo)
feral-audit --elevated

# Disable sensitive value redaction (private use only)
feral-audit --no-redact

Grading

Each category gets a letter grade (A+ through F) based on findings:

Grade        Meaning
A+           Excellent — no issues found
A / A-       Strong — minor informational findings only
B+ / B / B-  Good — some warnings worth addressing
C+ / C / C-  Fair — notable security gaps
D            Poor — significant vulnerabilities
F            Critical — immediate action required

The overall grade is a weighted average — OpenClaw config, network, and credentials are weighted higher than dependency freshness.

Requirements

  • macOS 13+ (Ventura or later, optimized for macOS 15 Sequoia)
  • Python 3.9+ (ships with macOS or Xcode CLT)
  • Apple Silicon or Intel (tested on M2 Ultra, M4)
  • No sudo required for basic audit
  • No external Python packages — stdlib only

Philosophy

The free audit is the top of the funnel.

You ran our audit. You got a C. Now you know exactly what's wrong — and we can fix everything it found.

Feral Audit is designed to be:

  • Honest — no scare tactics, no inflated scores
  • Actionable — every finding includes context and recommendations
  • Safe to share — sensitive values are auto-redacted by default
  • Fast — full audit completes in under 30 seconds
  • Portable — pure Python, no pip installs, works on any Mac

Roadmap

  • Phase 1 — CLI tool with 5 audit categories
  • Phase 2 — Remediation commands (feral-audit fix)
  • Phase 3 — Fleet dashboard (aggregate JSON reports)
  • Phase 4 — Continuous monitoring mode
  • Phase 5 — Public web service at feralbots.com/audit

Project Structure

feral-audit/
├── feral-audit          # Main CLI entry point
├── install.sh           # Quick installer
├── lib/
│   ├── auditors/
│   │   ├── base.py          # Base auditor class
│   │   ├── openclaw_audit.py
│   │   ├── macos_audit.py
│   │   ├── network_audit.py
│   │   ├── dependency_audit.py
│   │   └── credentials_audit.py
│   ├── grading.py       # Letter grade calculation
│   └── report.py        # Terminal/JSON/HTML output
└── tests/

License

MIT — use it, share it, audit everything.


🐾 A Feral Labs product.
