openclaw-hybrid-audit

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill largely behaves like a local security-audit tool, but there are incoherencies: undeclared runtime dependencies, and an automated 'push' path / cron setup that will transmit scan results. The shipped script was also truncated in the bundle I reviewed, so you should review what is sent before enabling automation.

What to consider before installing or using:

- Functional fit: The skill appears to do what it says (local system audit + human-friendly report) and includes the audit script and cron setup guide.
- Verify runtime requirements: This bundle expects Node.js and the 'openclaw' CLI (and uses many system utilities); these were not declared in metadata. Ensure Node is installed and understand that the 'openclaw' CLI must be present and trusted before running.
- Review what is sent with --push / cron: The 'full' mode (--push) and the recommended openclaw cron job can transmit scan results (component lists / threat-intel) to remote chat channels. The docs state only component lists are sent, but the exact payload is not enumerated in metadata. If you care about confidentiality, run the script locally (no --push) first and inspect the generated report files in ~/.openclaw/security-reports/ before enabling push or scheduling.
- Inspect the full script: The included JS file is large; part of it was truncated in the bundle preview. You should open and read the entire scripts/openclaw-hybrid-audit-changeway.js file to confirm there are no unexpected network endpoints, credential harvesting, or obfuscated code paths. If you cannot audit it yourself, test in an isolated environment (VM) first.
- Cron safety: If you enable automated scheduling, double-check the exact 'openclaw cron add' command (channel, --to chat id, message content). A scheduled job will run autonomously and push output to the configured destination; only enable that after confirming the destination and payload are acceptable.
- Least privilege: Running some of the checks may require elevated privileges to be fully effective; avoid running as root unless you understand which scans need it. Also, the script calls tools that may reveal sensitive system state (open ports, processes, logs); limit exposure as needed.

If you want, I can (1) scan the full scripts/openclaw-hybrid-audit-changeway.js file for network calls and suspicious patterns (please provide the untruncated content), or (2) show the exact files that would be written to your home directory and the sample report header so you can confirm what data is produced locally.

Static analysis

Dangerous exec

Severity: Critical
Finding: Shell command execution detected (child_process).

VirusTotal

No VirusTotal findings


Risk analysis

No visible risk-analysis findings were reported for this release.