Openclaw Action

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The action has a coherent security-scanning purpose, but it downloads and runs unpinned remote scanner code while making overly strong no-network and no-supply-chain-risk claims.

Review carefully before installing. The action's goal is reasonable, but you should treat it as running code from three external GitHub repositories on every workflow run. Prefer pinning or vendoring those scanner scripts, run with least-privilege GitHub token permissions, and avoid using it on highly sensitive repositories unless you trust the remote scanner sources.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

66/66 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A change or compromise in any of the three external repositories the action fetches scanner code from could change what runs in your workflow, and that code could read repository contents or workflow environment data.

Why it was flagged

The action fetches scanner code from mutable main-branch raw GitHub URLs at runtime, so the code executed in CI is not pinned, vendored, or fully represented in the reviewed artifacts.

Skill content

curl -sL https://raw.githubusercontent.com/AtlasPA/openclaw-sentry/main/scripts/sentry.py ...
curl -sL https://raw.githubusercontent.com/AtlasPA/openclaw-bastion/main/scripts/bastion.py ...
curl -sL https://raw.githubusercontent.com/AtlasPA/openclaw-egress/main/scripts/egress.py

Recommendation

Pin downloads to immutable commit SHAs, vendor the scanner code in the action, or verify checksums before execution; disclose this runtime dependency clearly.

What this means

The action can execute externally fetched Python code inside your CI job, with access to the checked-out repository and normal job environment.

Why it was flagged

The wrapper executes scanner Python files that action.yml downloads into the runner's temporary directory, making runtime behavior depend on external code not included in the artifact set.

Skill content

subprocess.run([sys.executable, str(scanner_path), command, "-w", str(workspace), "--json"], capture_output=True, text=True, timeout=300)

Recommendation

Only run this action if you trust the external scanner repositories, and prefer a version that includes or pins the scanner code.

What this means

Users may believe the action is fully local and supply-chain-free when it actually depends on mutable external code fetched over the network.

Why it was flagged

These trust-model claims are materially stronger than the implementation supports because action.yml performs network downloads of external scanner scripts each run.

Skill content

- **No dependencies** — Python stdlib only. No `pip install`, no supply chain risk
- **No network calls** — Scanners run locally. Nothing phones home

Recommendation

Revise the README to clearly state the runtime downloads and associated trust assumptions, or remove the network dependency.