OpenA2A Security
v1.0.0 · Security hardening for OpenClaw. Audit your configuration, scan installed skills for malware, detect CVE-2026-25253, check credential exposure, and get actio...
by Abdel Fane (@abdelsfane)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Suspicious (medium confidence)

Purpose & Capability
The name and description claim a local security auditor for OpenClaw; the SKILL.md requires node/npx and instructs running a tool called 'hackmyagent', which is coherent with a scanner. However, the registry metadata lists no source or homepage despite in-text claims (OpenA2A/opena2a.org), which reduces provenance confidence. The 'runs entirely locally / no external API calls' claim conflicts with using npx to obtain and run a package.
Instruction Scope
Runtime instructions tell the agent to execute commands such as 'npx hackmyagent secure ~/.openclaw' and other npx invocations. Those commands run code obtained at runtime (npx may fetch from npm) and potentially read and report on ~/.openclaw and its config files. The SKILL.md explicitly asserts that no data leaves the machine, but using npx introduces a network-fetch step not reflected in the frontmatter permissions (network: []). The instructions do not ask for unrelated files or secrets, but the contradiction between the no-network claim and the npx download increases risk.
Install Mechanism
There is no install spec (the skill is instruction-only), but it relies on npx to fetch and run 'hackmyagent' from the npm ecosystem. Dynamic fetch-and-execute via npx is a non-trivial install/runtime action: it may download arbitrary code at run time and execute lifecycle scripts. The SKILL.md does not pin a package version, provide a provenance URL, or supply a checksum. This is moderate-to-high risk compared with a fully local, vendored scanner.
Credentials
The skill requests no environment variables and only declares filesystem access to ~/.openclaw, which is proportionate for a local OpenClaw audit. There are no requests for unrelated cloud credentials or wide-ranging env secrets. That said, because it executes external code via npx, that external code could request additional access at runtime, which is not captured here.
Persistence & Privilege
The skill does not request always:true and does not ask to modify other skills or agent-wide settings. It appears to be an on-demand audit tool, which is appropriate for its purpose.
Scan Findings in Context
[NO_CODEFILES] expected: The static regex scanner had nothing to analyze because this is an instruction-only skill (only SKILL.md is present). That absence is expected, but it means there is no bundled code to review in the package; the runtime behavior depends entirely on the external 'npx hackmyagent' code.
What to consider before installing
This skill looks like an on-demand local auditor, but proceed cautiously:
(1) The SKILL.md tells the agent to run 'npx hackmyagent'. npx will typically fetch code from the npm registry at runtime, which contradicts the claim 'runs entirely locally' and means remote code could be executed.
(2) There is no source/homepage or pinned package/version/checksum provided, so you cannot verify the exact code that will run.

Recommended next steps before installing/using:
a) Verify the provenance of 'hackmyagent' (npm package page, repository, maintainer) and prefer a pinned, audited release.
b) If possible, vendor the scanner locally (install the package yourself and inspect it) or run the commands manually in a controlled sandbox.
c) Run the scanner in an isolated environment (container or VM) and review the generated output before allowing any automation to act on it.
d) Ask the publisher for a homepage, repository link, and a signed checksum or pinned version.
e) If you must run via npx, consider network controls or use of the npm cache, and inspect the package contents (npm pack) beforehand.

If the author can supply a repository link, pinned version, and checksum, or provide a vendored copy of hackmyagent, the concerns would be largely mitigated.

Like a lobster shell, security has layers: review code before you run it.
latest: vk9741rg7b6s341re7ta1kt1ey981ffe8
