v1.0.0

sjht-server-audit

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 7:40 AM.

Analysis

The skill appears to do the advertised server audit, but it uses passwordless SSH and defaults to root-level remote access, so it should be reviewed carefully before use.

GuidanceInstall or use this only if you intend to audit servers you control. Confirm the target host list, SSH key scope, and user account before running it; consider passing a non-root user when feasible and keep generated reports private.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityMediumConfidenceHighStatusNote

scripts/server-audit.sh

ssh -o ConnectTimeout=10 "${USER}@${HOST}" bash -s > "$TMPFILE" << 'AUDIT_SCRIPT'

The skill exposes remote shell execution as its main mechanism. This is expected for a server audit, but it is a powerful capability that should stay user-directed.

User impactThe script will run a fixed set of audit commands on any supplied host, and the batch example can repeat that across multiple servers.

RecommendationReview the command list before use, run it only on intended hosts, and be cautious with bulk host lists.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

metadata

Required binaries (all must exist): none ... Primary credential: none

The registry metadata does not declare the SSH dependency or key-based SSH access described by the SKILL.md and used by the script.

User impactA user may not notice from metadata alone that the skill needs SSH access to remote servers.

RecommendationDeclare the SSH binary, SSH key/auth requirement, and any dependency on the ssh-ops setup in the skill metadata.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityHighConfidenceHighStatusConcern

scripts/server-audit.sh

USER="${2:-root}" ... ssh -o ConnectTimeout=10 "${USER}@${HOST}" bash -s

The audit defaults to connecting as root and executing a remote Bash script over SSH, which is administrator-level authority on the target server.

User impactIf run against the wrong host or with an overly broad SSH key, the agent can collect sensitive administrator-level server details.

RecommendationUse only on servers you are authorized to audit, prefer an explicitly specified least-privileged audit user where possible, and document when root access is truly required.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

SKILL.md

报告保存位置：`~/.openclaw/workspac/audits/<IP>-<日期>.md` ... 报告只保存在本地 workspace

The skill instructs the agent to persist an audit report locally; such reports can contain server configuration, open ports, cron jobs, process details, and security weaknesses.

User impactAnyone with access to the local workspace could learn sensitive details about the audited servers.

RecommendationStore reports securely, redact secrets before sharing, and delete old audit reports when no longer needed.