Openclaw Action

Verdict: Warn. Audited by ClawScan on May 10, 2026.

Overview

The action's stated purpose, a CI security scanner, is coherent, but at runtime it downloads and executes unpinned scanner code from remote branches, while its documentation claims there are no network calls and no supply-chain risk. Neither claim holds.

Review this carefully before installing. The action is consistent with a CI security scanner, but do not treat the published package as the complete auditable code path: the scripts that do the actual scanning are fetched at run time from mutable remote branches, so the code you reviewed is not necessarily the code that will execute. Prefer a version that pins or vendors the scanners, and run it in a job with least-privilege GitHub Actions permissions (for example, read-only repository contents and no write scopes unless a specific step needs them).

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Finding 1: Unpinned remote scanner code executed at run time

What this means

If any of the upstream scanner repositories or branches is changed or compromised, the CI runner will execute unreviewed code on the next run, with access to the checked-out repository, the runner environment, and any secrets or tokens the workflow exposes to that step.

Why it was flagged

The action downloads scanner scripts from the main branches of three separate repositories at run time, and the bundled orchestrator then executes the downloaded files. A branch name in a raw.githubusercontent.com URL resolves to whatever the branch tip is at fetch time, so every run may receive different code. No commit pinning, release pinning, or checksum verification is shown.

Skill content
curl -sL https://raw.githubusercontent.com/AtlasPA/openclaw-sentry/main/scripts/sentry.py ...
curl -sL https://raw.githubusercontent.com/AtlasPA/openclaw-bastion/main/scripts/bastion.py ...
curl -sL https://raw.githubusercontent.com/AtlasPA/openclaw-egress/main/scripts/egress.py ...
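The static check behind this finding, written as an added example for this review (it is not ClawScan's scanner and not code from the audited action): it lists every raw.githubusercontent.com fetch in a file and reports whether the ref in the URL is a full commit SHA or a mutable name such as a branch or tag. The sample file below is constructed for the example; the AtlasPA repository names mirror the ones quoted above, while the version tag and the commit SHA are placeholders.

```shell
#!/usr/bin/env sh
# Added example (not part of ClawScan or the audited action): flag remote
# script fetches that are not pinned to an immutable commit.
set -eu

# Print one line per raw.githubusercontent.com URL found in FILE:
#   UNPINNED <url>   ref is not a 40-hex commit SHA (branch, tag, short SHA)
#   PINNED   <url>   ref is a full commit SHA
# Raw URLs have the layout raw.githubusercontent.com/OWNER/REPO/REF/PATH,
# so after splitting on "/" the ref is field 6.
classify_raw_fetches() {
  grep -oE 'https://raw\.githubusercontent\.com/[A-Za-z0-9._/-]+' "$1" |
  awk -F/ '{
      ref = $6
      if (length(ref) == 40 && ref ~ /^[0-9a-fA-F]+$/) print "PINNED   " $0
      else                                             print "UNPINNED " $0
  }'
}

# Number of unpinned fetches in FILE; suitable as a CI gate (fail if non-zero).
count_unpinned() {
  classify_raw_fetches "$1" | grep -c '^UNPINNED' || true
}

# Constructed sample input: two mutable refs (a branch and a tag) and one
# fetch pinned to a placeholder commit SHA.
sample=$(mktemp)
cat > "$sample" <<'EOF'
curl -sL https://raw.githubusercontent.com/AtlasPA/openclaw-sentry/main/scripts/sentry.py -o sentry.py
curl -sL https://raw.githubusercontent.com/AtlasPA/openclaw-bastion/v1.2/scripts/bastion.py -o bastion.py
curl -sL https://raw.githubusercontent.com/example/pinned-tool/0123456789abcdef0123456789abcdef01234567/scripts/tool.py -o tool.py
EOF

classify_raw_fetches "$sample"
echo "unpinned fetches: $(count_unpinned "$sample")"
```

Tags are treated as unpinned on purpose: a tag is a mutable pointer that the upstream maintainer (or an attacker with push access) can move, so only a full commit SHA counts as immutable here.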
Recommendation

Vendor the scanner code into the action package or pin downloads to immutable commits/releases and verify checksums before execution.
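One way to implement the pinned, checksum-verified fetch this recommendation describes, as an added example for this review (not the action's own code): the ref in the URL must be a full commit SHA, the download must succeed with a real HTTP 200, and the file's SHA-256 must match a digest recorded in the action before anything is executed. The repository and script path reuse names quoted above; the commit SHA and digest in the commented invocation are placeholders that a maintainer would replace with the values recorded when the scanner was reviewed.

```shell
#!/usr/bin/env sh
# Added example (not part of the audited action): fetch a scanner script from
# an immutable commit, verify its SHA-256, and only then execute it.
set -eu

# Portable SHA-256: coreutils sha256sum on Linux runners, shasum on macOS.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# verify_sha256 FILE EXPECTED -> exit status 0 only on an exact digest match.
verify_sha256() {
  actual=$(sha256_of "$1")
  [ "$actual" = "$2" ]
}

# download_pinned OWNER/REPO COMMIT PATH DEST
# Refuses anything that is not a 40-hex commit SHA, so a branch or tag name
# can never be substituted for the ref. curl -f fails on HTTP errors instead
# of saving an error page that a later step would then "execute".
download_pinned() {
  repo=$1 commit=$2 path=$3 dest=$4
  case $commit in
    *[!0-9a-fA-F]*|'') echo "refusing non-SHA ref: $commit" >&2; return 1 ;;
  esac
  [ ${#commit} -eq 40 ] || { echo "refusing short ref: $commit" >&2; return 1; }
  curl -fsSL --proto '=https' --tlsv1.2 \
    "https://raw.githubusercontent.com/$repo/$commit/$path" -o "$dest"
}

# run_verified_scanner OWNER/REPO COMMIT PATH EXPECTED_SHA256 [ARGS...]
# Download, verify, execute, in that order. On mismatch the file is deleted
# so nothing downstream can run it by accident.
run_verified_scanner() {
  repo=$1 commit=$2 path=$3 expected=$4; shift 4
  dest=$(mktemp)
  download_pinned "$repo" "$commit" "$path" "$dest"
  if ! verify_sha256 "$dest" "$expected"; then
    echo "checksum mismatch for $repo@$commit:$path" >&2
    rm -f "$dest"
    return 1
  fi
  python3 "$dest" "$@"
}

# Offline self-check: the SHA-256 of an empty file is a well-known constant.
empty=$(mktemp); : > "$empty"
verify_sha256 "$empty" e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 \
  && echo "verify_sha256 self-check passed"

# Example invocation (placeholder commit and digest, not values from the
# audited action; record the real ones when you review the scanner):
# run_verified_scanner AtlasPA/openclaw-sentry \
#   0000000000000000000000000000000000000000 scripts/sentry.py \
#   0000000000000000000000000000000000000000000000000000000000000000 .
```

Called from a workflow step, this still inherits whatever the job grants, so pair it with a job-level `permissions:` block that allows only read access to repository contents; pinning and hashing limit what code runs, least privilege limits what that code can reach if the pin is ever updated carelessly.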

Finding 2: Documentation overstates the trust model

What this means

Users may install the action believing that all executable code is local and auditable, when the code that performs the actual scanning is retrieved remotely at run time.

Why it was flagged

The trust model claims no network calls and no supply-chain risk, but the action fetches remote scanner scripts during every run. Although the documentation later mentions that the scripts are fetched directly from the individual tool repositories, the safety claims remain materially overstated: each run depends on network access and on the integrity of three remote repositories and their branches.

Skill content
- **No dependencies** — Python stdlib only. No `pip install`, no supply chain risk
- **No network calls** — Scanners run locally. Nothing phones home
...
The scanner scripts are fetched directly from the individual tool repositories
Recommendation

Revise the documentation to state clearly that each run downloads scanner scripts over the network from third-party repositories, and document the resulting supply-chain assumptions; alternatively, remove the remote-download design and ship the scanners with the action.