OpenClaw Security Monitor

Advisory

Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.destructive_delete_command

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Applying fixes could change OpenClaw configuration, skill behavior, permissions, or security policy and may disrupt existing workflows if a finding is wrong.

Why it was flagged

The skill can run many shell-based remediation scripts that change local OpenClaw security settings. This matches the security-remediation purpose and is documented as interactive/dry-run with explicit unattended opt-in, but it is still high-impact.

Skill content

Scan-driven remediation: runs `scan.sh`, skips CLEAN checks, and executes per-check remediation scripts ... file permissions, exfiltration domain blocking, tool deny lists, gateway hardening, sandbox configuration...

Recommendation

Run `remediate.sh --dry-run` first, review each finding, and avoid `--yes` or unattended remediation unless you trust the scripts and understand the changes.

What this means

Scan results or logs may reveal sensitive paths, permission problems, or other security-relevant information about local credentials and sessions.

Why it was flagged

The scanner intentionally inspects credential/session-related OpenClaw areas to detect insecure permissions or leakage. That is purpose-aligned, but these locations may contain sensitive account or agent material.

Skill content

File & credential permission audit (config files, credentials dir, sessions)

Recommendation

Run scans locally, restrict access to generated logs and dashboard output, and be cautious before forwarding scan results to external alerting services.

What this means

If the upstream repository or branch changes unexpectedly, running the installer could install different code than the registry artifact.

Why it was flagged

The installer can fetch or update code from GitHub and make scripts executable. This is a normal user-directed install/update mechanism, but it means the GitHub repository is part of the trust boundary.

Skill content

REPO="https://github.com/adibirzu/openclaw-security-monitor.git" ... git pull --ff-only origin main ... git clone "$REPO" "$INSTALL_DIR"

Recommendation

Verify the repository owner and commit, review changes before updating, and prefer pinned releases where possible.

Note (High Confidence)

ASI10: Rogue Agents
What this means

If enabled, the skill will continue running scheduled scans outside the immediate session.

Why it was flagged

The README documents a cron-based scheduled scan. It is explicitly described as optional and manual, not hidden or automatic.

Skill content

**Optional persistence** (manual, not auto-installed):
```bash
crontab -l | { cat; echo "0 6 * * * $(pwd)/scripts/daily-scan-cron.sh"; } | crontab -
```

Recommendation

Enable the cron job only if you want ongoing monitoring, review your crontab after setup, and remove the entry when no longer needed.

What this means

Security findings could be visible to anyone with access to the configured Telegram bot/chat or notification channel.

Why it was flagged

The skill can send security-monitoring alerts through Telegram. This external alerting flow is disclosed and purpose-aligned, but scan status or finding details may leave the local machine depending on setup.

Skill content

- **Daily automated scans** with Telegram alerting

Recommendation

Use a dedicated Telegram bot/chat, avoid sending secrets in alerts, and review the alert script/configuration before enabling it.

What this means

A mistaken path could delete the wrong skill directory or other local files.

Why it was flagged

The static scan detected a destructive shell command in documentation. The command is scoped to a single OpenClaw skill path and appears manual, but `rm -rf` is inherently risky if the placeholder is filled incorrectly.

Skill content

rm -rf ~/.openclaw/workspace/skills/<skill-name>

Recommendation

Do not paste the command blindly; verify the expanded path first and consider moving the directory to a backup location instead of deleting it immediately.

Findings (1)

warn

suspicious.destructive_delete_command

Location: README.md:167

Finding: Documentation contains a destructive delete command without an explicit confirmation gate.