OpenClaw Security Monitor
Pass
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a purpose-aligned OpenClaw security scanner/remediator, but its local scans, remediation scripts, optional cron, and alerting features are high-impact and should be reviewed before use.
Before installing or enabling automation, verify the GitHub source, run scans locally, start with dry-run remediation, keep the dashboard bound to localhost, and only enable cron or Telegram alerts if you understand what information will be logged or sent.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Applying fixes could change OpenClaw configuration, skill behavior, permissions, or security policy and may disrupt existing workflows if a finding is wrong.
The skill can run many shell-based remediation scripts that change local OpenClaw security settings. This matches the security-remediation purpose and is documented as interactive/dry-run with explicit unattended opt-in, but it is still high-impact.
Scan-driven remediation: runs `scan.sh`, skips CLEAN checks, and executes per-check remediation scripts ... file permissions, exfiltration domain blocking, tool deny lists, gateway hardening, sandbox configuration...
Run `remediate.sh --dry-run` first, review each finding, and avoid `--yes` or unattended remediation unless you trust the scripts and understand the changes.
Scan results or logs may reveal sensitive paths, permission problems, or other security-relevant information about local credentials and sessions.
The scanner intentionally inspects credential/session-related OpenClaw areas to detect insecure permissions or leakage. That is purpose-aligned, but these locations may contain sensitive account or agent material.
File & credential permission audit (config files, credentials dir, sessions)
Run scans locally, restrict access to generated logs and dashboard output, and be cautious before forwarding scan results to external alerting services.
If the upstream repository or branch changes unexpectedly, running the installer could install different code than the registry artifact.
The installer can fetch or update code from GitHub and make scripts executable. This is a normal user-directed install/update mechanism, but it means the GitHub repository is part of the trust boundary.
REPO="https://github.com/adibirzu/openclaw-security-monitor.git" ... git pull --ff-only origin main ... git clone "$REPO" "$INSTALL_DIR"
Verify the repository owner and commit, review changes before updating, and prefer pinned releases where possible.
If enabled, the skill will continue running scheduled scans outside the immediate session.
The README documents a cron-based scheduled scan. It is explicitly described as optional and manual, not hidden or automatic.
**Optional persistence** (manual, not auto-installed):
```bash
crontab -l | { cat; echo "0 6 * * * $(pwd)/scripts/daily-scan-cron.sh"; } | crontab -
```
Enable the cron job only if you want ongoing monitoring, review your crontab after setup, and remove the entry when no longer needed.
Security findings could be visible to anyone with access to the configured Telegram bot/chat or notification channel.
The skill can send security-monitoring alerts through Telegram. This external alerting flow is disclosed and purpose-aligned, but scan status or finding details may leave the local machine depending on setup.
- **Daily automated scans** with Telegram alerting
Use a dedicated Telegram bot/chat, avoid sending secrets in alerts, and review the alert script/configuration before enabling it.
A mistaken path could delete the wrong skill directory or other local files.
The static scan detected a destructive shell command in documentation. The command is scoped to a single OpenClaw skill path and appears manual, but `rm -rf` is inherently risky if the placeholder is filled incorrectly.
rm -rf ~/.openclaw/workspace/skills/<skill-name>
Do not paste the command blindly; verify the expanded path first and consider moving the directory to a backup location instead of deleting it immediately.
