SecurityVitals
Security checks across static analysis, malware telemetry, and agentic risk
Overview
SecurityVitals appears to be a coherent, instruction-only OpenClaw security checker that runs a small, disclosed set of local diagnostic commands without storing data.
This skill looks reasonable for checking an OpenClaw installation’s security posture. Before installing, be comfortable with the agent running the five documented local commands, and remember that update status may contact the OpenClaw registry through the OpenClaw CLI.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can run local diagnostic commands against your OpenClaw installation and report security-health results.
The skill delegates work to local CLI tools. This is expected for an OpenClaw security checker and is tightly enumerated, but it is still local command execution.
Five CLI commands only:
- `openclaw security audit --json`
- `openclaw health --json`
- `openclaw --version`
- `openclaw update status --json`
- `node --version`
Install only if you want the agent to perform these OpenClaw checks, and verify future versions keep the same narrow command scope.
The agent may briefly process security or configuration-related output from your local OpenClaw installation, even though the skill tells it not to reveal secrets.
The instructions acknowledge that command output may contain sensitive values, while also limiting extraction and display. This is purpose-aligned but worth user awareness.
Never display API keys, tokens, credentials, secrets, or any sensitive values that may appear in command output.
Run the skill in a trusted OpenClaw environment and avoid sharing raw command output outside the agent if troubleshooting is needed.
