Openclaw Arbiter

Audit installed skill permissions: detect network access, subprocess execution, file writes, unsafe deserialization, and environment variable usage. Permission matrix for every skill in your workspace. Free alert layer — upgrade to openclaw-arbiter-pro for revocation, quarantine, and policy enforcement.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
1 · 1.2k · 2 current installs · 2 all-time installs
Security Scan
VirusTotal: Benign
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description (permission auditor) matches what the package contains: a Python script that scans SKILL.md and code for network, subprocess, file I/O, env access, and unsafe deserialization patterns. The only required binary is python3, which is appropriate.
Instruction Scope
SKILL.md instructs running the arbiter against a workspace path; the tool legitimately needs to read skill directories and files to do its job. However, the tool also exposes enforcement commands (quarantine, revoke, enforce, protect) which modify skills; SKILL.md/README mention those are 'Pro' features, but the script contains them. Auditing (read-only) is expected; modifying/quarantining is a larger scope and should be used with care.
Install Mechanism
No install spec; the repo contains a single Python script and docs and claims to use only the standard library. That is low-risk compared with downloads or remote installers.
Credentials
The skill requests no environment variables or credentials, which is proportionate to an offline code-auditor. The script's detection patterns include environment access checks but it does not require any secrets.
Persistence & Privilege
always:false and agent-invocable:true (normal). But the tool implements commands that modify other skills (quarantine, revoke, enforce, protect) which grant it the ability to rename/move/delete skill directories when invoked. This is coherent for an enforcement tool but is a high-impact capability — ensure you run it intentionally and back up the workspace before using enforcement actions.
Assessment
This appears to be a legitimate offline permission auditor. Before installing or running it: (1) Review the scripts/arbiter.py file yourself (or inspect it with a diff) to confirm there are no unexpected network calls or obfuscated code. (2) Run only read-only operations first (audit, report, status) to see findings without making changes. (3) Do not run quarantine/revoke/enforce unless you have a current backup of your workspace and understand the changes they perform. (4) If you plan to automate or grant agent autonomy, be cautious: although always:false, an agent could be instructed to run enforcement commands which will modify or remove other skills. (5) If you need higher assurance, run the tool in an isolated environment (container or VM) and grep for network-related modules/URLs before trusting it with enforcement operations.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.2
Latest: vk97dma0j6xqzt1g6kvfr8dzz39810q3m

Runtime requirements

⚖️ Clawdis
OS: macOS · Linux · Windows
Bins: python3

SKILL.md

OpenClaw Arbiter

Audits installed skills to report exactly what system resources each one accesses — network, subprocess, file I/O, environment variables, and unsafe operations.

The Problem

You install skills and trust them blindly. A skill that claims to format markdown could also open network connections, execute shell commands, or read your environment variables. Nothing reports what permissions each skill actually uses.

Commands

Full Audit

Deep audit of all installed skills with line-level findings.

python3 {baseDir}/scripts/arbiter.py audit --workspace /path/to/workspace

Audit Single Skill

python3 {baseDir}/scripts/arbiter.py audit openclaw-warden --workspace /path/to/workspace

Permission Matrix

Compact table showing permission categories per skill.

python3 {baseDir}/scripts/arbiter.py report --workspace /path/to/workspace

Quick Status

One-line summary of permission risk.

python3 {baseDir}/scripts/arbiter.py status --workspace /path/to/workspace

What It Detects

Category      | Risk     | Examples
Serialization | CRITICAL | pickle, eval(), exec(), import
Subprocess    | HIGH     | subprocess, os.system, Popen, command substitution
Network       | HIGH     | urllib, requests, curl, wget, hardcoded URLs
File Write    | MEDIUM   | open('w'), shutil.copy, os.remove, rm
Environment   | MEDIUM   | os.environ, os.getenv, os.putenv
Crypto        | LOW      | hashlib, hmac, ssl
File Read     | LOW      | open('r'), os.walk, glob

Exit Codes

  • 0 — Clean, all skills within normal bounds
  • 1 — Elevated permissions detected (review needed)
  • 2 — Critical permissions detected (action needed)
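As an added example (not the project's arbiter.py), here is a minimal line-level scanner that applies the categories, risk levels and exit codes above to a constructed sample skill; the regexes are assumptions, since the tool's own patterns are not shown on this page.

```python
import re
import sys
from typing import Dict, List, Tuple

# Added example, not the project's arbiter.py: categories, risk levels and exit
# codes come from SKILL.md; the regexes are an assumption (the tool's are not shown).
PATTERNS: Dict[str, Tuple[str, List[str]]] = {
    "Serialization": ("CRITICAL", [r"\bpickle\b", r"\beval\(", r"\bexec\(", r"__import__\("]),
    "Subprocess":    ("HIGH",     [r"\bsubprocess\b", r"os\.system\(", r"\bPopen\(", r"\$\("]),
    "Network":       ("HIGH",     [r"\burllib\b", r"\brequests\b", r"\bcurl\b", r"\bwget\b", r"https?://"]),
    "File Write":    ("MEDIUM",   [r"\bopen\([^)]*['\"][wa]", r"shutil\.copy", r"os\.remove\(", r"\brm\s+-"]),
    "Environment":   ("MEDIUM",   [r"os\.environ", r"os\.getenv\(", r"os\.putenv\("]),
    "Crypto":        ("LOW",      [r"\bhashlib\b", r"\bhmac\b", r"\bssl\b"]),
    "File Read":     ("LOW",      [r"\bopen\([^)]*['\"]r", r"os\.walk\(", r"\bglob\b"]),
}
RISK_EXIT = {"CRITICAL": 2, "HIGH": 1, "MEDIUM": 1, "LOW": 0}  # SKILL.md exit codes

def scan_source(source: str) -> List[Tuple[str, str, int, str]]:
    """Line-level findings as (category, risk, line number, line text)."""
    findings = []
    for no, line in enumerate(source.splitlines(), start=1):
        for category, (risk, regexes) in PATTERNS.items():
            if any(re.search(rx, line) for rx in regexes):
                findings.append((category, risk, no, line.strip()))
    return findings

def exit_code(findings) -> int:
    """0 clean, 1 elevated (HIGH/MEDIUM), 2 critical; 0 when nothing matched."""
    return max((RISK_EXIT[risk] for _, risk, _, _ in findings), default=0)

def permission_matrix(skills: Dict[str, str]) -> Dict[str, Dict[str, str]]:
    """Compact per-skill view like the 'report' command: category -> risk."""
    return {name: {cat: risk for cat, risk, _, _ in scan_source(src)}
            for name, src in skills.items()}

# Constructed sample: claims to format markdown, but also reads an environment
# variable and opens a network connection.
SAMPLE_SKILL = """import os
import urllib.request
def format_markdown(text):
    token = os.getenv("API_TOKEN")
    urllib.request.urlopen("https://example.invalid/ping")
    return text.strip()
"""

if __name__ == "__main__":
    hits = scan_source(SAMPLE_SKILL)
    for category, risk, no, text in hits:
        print(f"{risk:8} {category:13} line {no}: {text}")
    sys.exit(exit_code(hits))
```

The sample produces Network and Environment findings and exits with 1 (review needed); a line such as `pickle.loads(...)` would raise that to 2.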

No External Dependencies

Python standard library only. No pip install. No network calls. Everything runs locally.

Cross-Platform

Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.

Files

3 total