Openclaw Egress Review
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a local workspace egress scanner, but its bundled script advertises block and quarantine behavior that could change installed skills even though the user-facing instructions mainly describe scanning.
Review the full script before installing or invoking it. It looks useful for local egress scanning, but limit scans to intended workspaces and avoid any block/quarantine/allowlist-enforcement commands unless you explicitly want the tool to modify or disable skills.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a blocking or quarantine mode is invoked, the skill could modify workspace files or disable installed skills rather than only reporting findings.
The script advertises high-impact mutation capabilities that can alter or disable skills, while SKILL.md only documents scan/status/domain commands and does not describe approval, scope, rollback, or containment for blocking or quarantine behavior.
Detect outbound URLs... then automatically block connections, quarantine compromised skills, and enforce domain allowlists. ... QUARANTINE_PREFIX = ".quarantined-" ... BLOCK_COMMENT = "# [BLOCKED by openclaw-egress]"
Use only the documented scan/status/domain commands unless you have reviewed the full script, backed up the workspace, and explicitly intend to allow block or quarantine actions. The author should clearly separate or disclose mutation features and require explicit confirmation.
Running a full scan may reveal sensitive URLs or endpoint details from files in the selected workspace.
A full scan walks the workspace, reads non-binary files, and records detected URLs. This is purpose-aligned for DLP, but it can expose private endpoints or URL-embedded secrets in scan output or agent context.
files, root = [], (ws / "skills") if skills_only else ws ... os.walk(root) ... content = fpath.read_text(... errors="ignore") ... "url": url[:100]
Run scans only on workspaces you intend to inspect, prefer --skills-only for skill review, and avoid sending scan output to untrusted parties.
It is harder to confirm that the installed code matches a trusted upstream project.
The registry metadata does not provide a canonical source or homepage, so users have less provenance information to verify the bundled script.
Source: unknown; Homepage: none
Verify the package source and compare the bundled script against a trusted repository before relying on it for security-sensitive scans.
