Skill v1.0.0

ClawScan security

OpenClaw Security Audit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 13, 2026, 6:29 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
This skill's code and runtime instructions are coherent with its stated purpose (local OpenClaw security auditing); it performs only local read-only checks and command invocations and does not request external credentials or perform network exfiltration.
Guidance
This skill appears to do what it says: read local OpenClaw configs, scan workspace symlinks, check Docker port mappings, call local OpenClaw diagnostic commands, and report findings as JSON. Before running it, consider:

1) It will read local config files (e.g., ~/.openclaw, /etc/openclaw, /etc/nginx, /etc/caddy) and run local commands (openclaw, docker, ss/netstat). Those outputs can contain sensitive tokens or paths; treat results as sensitive.
2) The optional OPENCLAW_WORKSPACE env var is used by scripts but not declared as required; set it if you want the tool to target a specific workspace.
3) Run the skill in a safe environment (non-production or isolated VM) if you are concerned about exposing secrets to the agent, and review the included scripts yourself (they are short and readable).
4) The skill is read-only in code, but the agent capturing its stdout will see any sensitive content the scripts print, so avoid running it with elevated/overbroad agent permissions if you do not trust the agent.

Overall, the package is coherent and appropriate for its auditing purpose.

Review Dimensions

Purpose & Capability
ok
The name/description describe a local OpenClaw security audit and the included modules match that purpose: they read configuration files, scan workspace symlinks, check file permissions, inspect Docker ports, and call local OpenClaw diagnostic commands. Required capabilities (access to local files and system commands) align with the stated goal.
Instruction Scope
ok
SKILL.md prescribes running the bundled local check modules and summarizing their findings. The modules operate on local files and local CLI tools (openclaw, docker, ss/netstat) and print JSON results. There are no steps that attempt to read arbitrary unrelated locations, contact external endpoints, or modify system configuration. The skill correctly documents failure handling and audit limitations.
Install Mechanism
ok
There is no install spec and no network downloads. The skill is delivered as source scripts and the runtime behavior is limited to running local commands. This is the lowest-risk install pattern for this kind of tool.
Credentials
note
The skill declares no required environment variables, but several scripts optionally honor OPENCLAW_WORKSPACE to locate config/workspace (this is reasonable for configurability). The scripts read local config paths (e.g., ~/.openclaw, /etc/openclaw, /etc/nginx, /etc/caddy) and run system commands (docker, openclaw, ss/netstat). That access is necessary for an audit tool, but it means running the skill will expose local configuration and command output (which may contain secrets) to the invoking agent: a legitimate but sensitive capability that the user should be aware of.
Persistence & Privilege
ok
The skill does not request always:true, does not declare persistent system-wide changes, and its modules run as ephemeral read-only checks. It invokes local commands but does not attempt to modify other skills or global agent configuration.