Config Tracker

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill appears to do what it says (automatically make local Git commits of selected OpenClaw and workspace files), but users should be aware that it persists potentially sensitive config and memory files without per-commit approval.

Install only if you intentionally want automatic local Git commits for OpenClaw configuration and workspace markdown files. Review the tracked file list, avoid secrets in those files, check for repository remotes before pushing, and confirm Git is available even though it is not declared as a requirement. The provided main source text is truncated, so reviewing the complete file before installation would further reduce uncertainty.

Static analysis

Dangerous exec

Severity: Critical
Finding: Shell command execution detected (child_process).

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the skill can automatically create commits and alter local repository history for the tracked files.

Why it was flagged

The skill executes local Git commands, including add and commit operations. This is purpose-aligned, but it gives the skill automatic mutation authority over local Git repositories.

Skill content
const result = spawnSync("git", [...configArgs, ...args], { cwd: repoDir, env, encoding: "utf-8", timeout: 30000 });
Recommendation

Use it only if you want automatic Git commits; keep the tracked file list narrow and review repository state before pushing or sharing.

What this means

Private configuration or memory content may be preserved in local Git history and could be exposed later through backups, repository sharing, or pushes.

Why it was flagged

The tracked files may contain user profile details, agent identity/instructions, long-term memory, and OpenClaw configuration. Git history can retain sensitive content even after it is later deleted from the working file.

Skill content
`USER.md`: user information; `SOUL.md`: agent identity settings; `MEMORY.md`: long-term memory; `~/.openclaw/openclaw.json`: main configuration file
Recommendation

Avoid storing secrets in tracked files, check whether the workspace has a remote, and clean Git history if sensitive data was committed.

What this means

The skill may continue generating commits frequently without asking each time.

Why it was flagged

The plugin runs automatically at the start of each conversation turn. This persistence is clearly disclosed and aligned with the skill purpose, but users should understand it keeps acting after installation.

Skill content
Uses the `before_prompt_build` hook to automatically check for and commit changes at the start of each conversation turn.
Recommendation

Disable the skill or set its `enabled` configuration to false when you do not want automatic tracking.