openclaw-audit-watchdog

v0.1.1

Automated daily security audits for OpenClaw agents with email reporting. Runs deep audits and sends formatted reports.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's purpose (run OpenClaw audits, format reports, deliver via DM/email, schedule daily) matches the code. However the declared metadata (requires bins: [bash, curl]) omits critical runtime dependencies used everywhere in the code: the 'openclaw' CLI is invoked extensively (cron, security audit commands), Node.js is required to run the .mjs scripts (render_report.mjs, setup_cron.mjs, send_smtp.mjs, load_suppression_config.mjs), and sendmail/SMTP are used for delivery. The registry metadata and required env/credentials do not declare these, which is an incoherence — a user installing the skill would likely need 'openclaw' and 'node' available, plus a local MTA or reachable SMTP server.
Instruction Scope
Runtime instructions and scripts stay within the claimed audit/reporting scope: they run 'openclaw security audit' (normal), render and filter results, and deliver via DM/email. The setup script will create/update a scheduled Cron job using the 'openclaw cron' CLI, and the runner may optionally git-pull the skill directory. The suppression mechanism reads user config files from ~ (and fallback locations) and will only apply suppressions when both a CLI flag and an 'enabledFor' sentinel are present (defense-in-depth). These behaviors are reasonable for the stated purpose, but they do grant the skill the ability to schedule recurring autonomous jobs that post results externally (DM/email), so users should verify delivery targets before enabling. Also note minor logic mismatch risk: suppression 'enabledFor' is normalized to lowercase on load, but suppression matching later uses case-sensitive skill name matching — this could cause surprising mismatches.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but the package includes scripts and README examples that suggest downloading/unzipping a release (curl + unzip). The code itself is local (no runtime download URLs in the scripts). Because there is no official install step declared, an operator may follow README instructions to curl/unzip from a GitHub release — that step (if used) would be a network download and should be verified. Overall install approach is moderate risk but not inherently malicious; main issue is absence of declared runtime dependencies in the registry metadata.
Credentials
The registry declares no required environment variables or primary credential, but many optional env vars are used throughout (PROMPTSEC_EMAIL_TO, PROMPTSEC_HOST_LABEL, PROMPTSEC_GIT_PULL, PROMPTSEC_SMTP_HOST/PORT/HELO/FROM, OPENCLAW_AUDIT_CONFIG, PROMPTSEC_DM_CHANNEL, PROMPTSEC_DM_TO, PROMPTSEC_INSTALL_DIR, PROMPTSEC_SENDMAIL_BIN, etc.). These variables are reasonable for configuration, but the skill should have declared at least the primary operational requirement (presence of 'openclaw' CLI and Node) and documented the env vars in the registry metadata. Because environment access is not overly broad (no AWS/GCP keys requested), this is not an exposure to unrelated credentials — it's a documentation/proportionality problem rather than excessive secret access.
Persistence & Privilege
always is false (good). The skill's setup script intentionally creates/updates a scheduled cron job via the 'openclaw cron' CLI; that gives it persistent scheduled execution and delivery capabilities (DM + email). This is consistent with its stated purpose, but creating an autonomous recurring job increases blast radius: the job will run unattended and publish reports to configured recipients. Users should confirm the DM/email targets and verify the openclaw cron privileges before enabling cron setup.
What to consider before installing
What to check before installing:
- Dependencies: ensure the 'openclaw' CLI and Node.js are present and trustworthy. The registry metadata only lists bash/curl but the code requires 'openclaw' and Node to run. Installing without those will fail or produce confusing errors.
- Delivery targets: the setup creates a scheduled job that will DM and email report contents to addresses/handles you configure (PROMPTSEC_DM_CHANNEL, PROMPTSEC_DM_TO, PROMPTSEC_EMAIL_TO). Verify and limit those targets; treat them as external recipients and confirm you’re comfortable sending daily audit outputs there.
- SMTP/MTA behavior: sending uses local sendmail by default or a configurable SMTP host/port. Confirm PROMPTSEC_SMTP_HOST/PORT or the local MTA is appropriate and restricted to an expected relay. The SMTP sender code connects to an arbitrary host/port if configured — validate that value.
- Suppression mechanism: suppressions are opt-in and require both a CLI flag and an 'enabledFor' sentinel in the config. Review suppression config locations (~/.openclaw/security-audit.json, etc.) and the matching rules to avoid accidental silencing of findings. Note a potential mismatch in case-sensitivity that can prevent intended suppressions.
- Cron creation & openclaw cron: setup_cron.mjs uses the 'openclaw cron' commands to create/modify jobs. Confirm the 'openclaw' binary you have is the expected one and that you trust its ability to schedule/execute jobs in your environment.
- Source provenance: the package homepage is provided but the registry owner is not a well-known entity. If you plan to run scheduled jobs on production hosts, prefer obtaining the code from a verified source (official Git repo/release) and do an integrity check (review the scripts, run in a test environment) before enabling cron setup.
If you cannot confirm the origin or the runtime binaries, run the scripts manually in an isolated/test environment first and avoid enabling automatic cron setup or enabling suppressions without audit by your security team.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e0r4eb8ay4bcpq1zbgdjn5n81vqet

Runtime requirements

🔭 Clawdis
