ClawHub

SecurityVitals

v1.3.2

Security vitals checker, also known as ClawVitals. Scans your installation, scores your setup, and shows you exactly what to fix. First scan in seconds.

0· 87·0 current·0 all-time
by@bk-cm·fork of @bk-cm/clawvitals
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (security health check for OpenClaw) match the requested binaries and commands: openclaw is required and the skill only runs OpenClaw CLI commands plus node --version. Nothing requested appears unrelated to running an OpenClaw-centric audit.
Instruction Scope
SKILL.md clearly lists the exact CLI commands to run and limits processing to those outputs; it explicitly instructs not to display raw CLI output or secrets. One notable behavior: `openclaw update status --json` may cause the OpenClaw CLI itself to contact its update registry (the skill documents this). No instructions read unrelated files, env vars, or external endpoints beyond what the OpenClaw CLI may do.
Install Mechanism
No install spec and no code files — instruction-only skill (lowest install risk). It does not download or extract external archives or create binaries.
Credentials
No environment variables or credentials are requested. Required binaries (openclaw, node) are proportional to the stated checks; no unrelated secrets or config paths are demanded.
Persistence & Privilege
Skill is not always-enabled and is user-invocable only. It is stateless and does not request to modify other skills or system-wide settings.
Assessment
This skill appears to do exactly what it says: run a small, deterministic set of OpenClaw and node commands and report findings. Before installing, confirm you trust the local OpenClaw CLI (because the skill runs OpenClaw commands) and that you are okay with the CLI possibly contacting its update registry when `openclaw update status` runs. Run scans on a system where exposing OpenClaw audit/health output is acceptable (audit output can include diagnostic detail); the skill instructs not to display secrets but review outputs yourself if you have sensitive configuration. Finally, ensure your OpenClaw version meets the skill's minOpenClawVersion (2026.3.0).

Like a lobster shell, security has layers — review code before you run it.

latestvk974x2c5f1tq96fjaq18f95v5983dqef

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsopenclaw, node

Comments