OCAX Passport
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: ocax-passport Version: 1.0.0 The OCAX Passport skill is designed to collect and display system hardware specifications (CPU, GPU, RAM, Storage) and calculate a performance-based reputation score. It uses standard libraries like 'psutil' and 'platform' for data collection and 'subprocess.run' to safely query 'nvidia-smi' for GPU details. No evidence of data exfiltration, malicious prompt injection, or unauthorized execution was found; the code logic in 'ocax_passport.py' and 'skill.py' aligns strictly with the stated purpose of node identity management.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Hardware and node identity details may be reused in later skill responses during the same running session.
The skill keeps a generated passport object in process memory for reuse, which can include node name, owner name, and local hardware profile data.
# 全局 passport 实例
_passport = None
...
if _passport is None:
_passport = generate_passport(node_name, owner)
return _passportUse non-sensitive node and owner names, and review the passport output before sharing it outside the local conversation.
If enabled, the skill may continue periodically refreshing local node information while the process is running.
The documentation includes an optional periodic auto-update call, indicating the skill can refresh node data on a schedule when enabled.
# 启用自动更新 passport.enable_auto_update(86400) # 24小时
Enable auto-update only when periodic refresh is desired, and stop or restart the process if you no longer want it active.
A future install could pull a different psutil release than the one originally tested by the skill author.
The dependency is declared with a lower-bound version rather than a pinned exact version, so future installs may resolve to newer package versions.
psutil>=5.9.0
Install from trusted package indexes and consider pinning dependency versions in controlled environments.