Claw Security Scanner Review
Audited by ClawScan on May 10, 2026.
Overview
The scanner’s purpose is coherent, but it appears able to place raw secrets it finds into reports, which could leak credentials if reports are saved or shared.
Install only if you are comfortable letting the scanner read the skill directories you specify. Before exporting reports (JSON, Markdown, console logs, CI uploads) or sharing them, verify that detected secrets are redacted, or keep the reports private. Prefer targeted scans, sandbox any dynamic analysis, and pin or verify dependencies, as befits a security-sensitive tool.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1
Impact: If the scanner finds a real API key, password, token, or database URL, that secret may be copied into console, JSON, Markdown, or CI reports where other people or systems can read it.
Detail: Matched credential strings are stored as finding evidence and serialized into scan results. The visible code does not show masking before reports are generated.
Evidence: evidence = match.group(0) ... result['findings'] = [asdict(f) for f in self.findings]
Recommendation: Mask secret values by default, include only a short fingerprint or partial prefix/suffix, and require an explicit user opt-in before exporting full secret evidence.
Finding 2
Impact: The scanner may read files that contain passwords, API keys, tokens, or other account secrets within the paths you ask it to scan.
Detail: The skill explicitly scans environment and configuration files for sensitive information, which is expected for its security-scanner purpose but involves credential-adjacent data.
Evidence (translated from the Chinese documentation): Detect sensitive information in .env and configuration files
Recommendation: Run it only on intended skill directories, avoid sharing raw reports publicly, and review report output before uploading it to issue trackers or CI artifacts.
Finding 3
Impact: A broad scan can process many local skill files, and an auto-fix feature, if implemented, could modify files.
Detail: The documented CLI supports broad scans of installed skill directories and an auto-fix mode. These are aligned with a security scanner, but they can affect many files if used carelessly.
Evidence: security-scan --all-installed ... security-scan --directory ~/.openclaw/skills/ ... security-scan --skill target --auto-fix
Recommendation: Prefer targeted scans first, keep backups enabled, and review proposed fixes before allowing automated changes.
Finding 4
Impact: Future dependency versions could change scanner behavior or introduce vulnerabilities without an obvious change to this skill.
Detail: Dependencies are declared with open lower-bound ranges rather than pinned versions, which can reduce reproducibility for a security-sensitive tool.
Evidence: "dependencies": { "requests": ">=2.25.1", "pyyaml": ">=6.0", "colorama": ">=0.4.6", "semantic-version": ">=2.10.0" }
Recommendation: Use pinned dependency versions or a lockfile, and prefer verified release artifacts over floating latest installs.
Finding 5
Impact: If this feature is implemented, scanning an untrusted skill could involve executing or simulating untrusted code.
Detail: The documentation claims dynamic behavior analysis using sandboxed simulated execution. This is purpose-aligned for malware scanning, but users should understand that dynamic analysis can be risky if not isolated.
Evidence (translated from the Chinese documentation): Dynamic behavior analysis - simulated execution in a sandbox environment
Recommendation: Use offline/containerized scans for untrusted skills and confirm that any dynamic-analysis mode is sandboxed before enabling it.
