ClawHub

ClawVitals

v1.3.2

Security vitals checker for OpenClaw. Scans your installation, scores your setup, and shows you exactly what to fix. First scan in seconds.

0· 161·0 current·0 all-time
by@bk-cm
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (OpenClaw security health checks) match the required binaries and declared minOpenClawVersion. Requiring the OpenClaw CLI and node is consistent with the listed commands and version extraction steps.
Instruction Scope
SKILL.md restricts runtime behavior to five explicit commands and instructs the agent to extract only needed fields and never display secrets. This is coherent. Note: collecting 'full output' before parsing could expose sensitive values in memory; the skill explicitly forbids displaying secrets, but users should be aware the agent will read the raw command output during evaluation.
Install Mechanism
No install spec and no code files — instruction-only skill. Nothing is downloaded or written to disk by the skill itself.
Credentials
No environment variables, credentials, or config paths are requested. The permissions in skill.json only cover executing the listed CLI commands, which fits the stated checks.
Persistence & Privilege
always is false, the skill is not persistent, and SKILL.md declares it is stateless and stores nothing. The skill does not modify other skills or system config.
Assessment
This skill is instruction-only and only runs five commands (openclaw security audit, openclaw health, openclaw --version, openclaw update status, node --version). Before installing: (1) Confirm you trust the skill's homepage/repository and author; (2) be aware that openclaw update status may contact OpenClaw's update registry (network call originates from the OpenClaw CLI, not the skill); (3) review what openclaw security audit outputs on your system — it may include internal configuration details (the skill instructs not to display secrets, but the agent will read the raw output while evaluating); (4) if you prefer, run the five commands yourself locally to preview outputs and confirm nothing sensitive will be exposed to the agent; (5) ensure your agent/policy prevents unintentional exfiltration of command outputs to external services. Overall, the skill is coherent with its purpose but verify trust in the publisher and your agent's outbound controls before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk972sappz0yrj04mw97dzwnb1x83c9yc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsopenclaw, node

Comments