OpenClaw Arbiter

Audits installed skills to report exactly what system resources each one accesses — network, subprocess, file I/O, environment variables, and unsafe operations.

The Problem

You install skills and trust them blindly. A skill that claims to format markdown could also open network connections, execute shell commands, or read your environment variables. Nothing reports what permissions each skill actually uses.

Commands

Full Audit

Deep audit of all installed skills with line-level findings.

python3 {baseDir}/scripts/arbiter.py audit --workspace /path/to/workspace

Audit Single Skill

python3 {baseDir}/scripts/arbiter.py audit openclaw-warden --workspace /path/to/workspace

Permission Matrix

Compact table showing permission categories per skill.

python3 {baseDir}/scripts/arbiter.py report --workspace /path/to/workspace

Quick Status

One-line summary of permission risk.

python3 {baseDir}/scripts/arbiter.py status --workspace /path/to/workspace

What It Detects

Category	Risk	Examples
Serialization	CRITICAL	pickle, eval(), exec(), import
Subprocess	HIGH	subprocess, os.system, Popen, command substitution
Network	HIGH	urllib, requests, curl, wget, hardcoded URLs
File Write	MEDIUM	open('w'), shutil.copy, os.remove, rm
Environment	MEDIUM	os.environ, os.getenv, os.putenv
Crypto	LOW	hashlib, hmac, ssl
File Read	LOW	open('r'), os.walk, glob

Exit Codes

• 0 — Clean, all skills within normal bounds
• 1 — Elevated permissions detected (review needed)
• 2 — Critical permissions detected (action needed)

No External Dependencies

Python standard library only. No pip install. No network calls. Everything runs locally.

Cross-Platform

Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.