Back to skill

Security audit

clawsec-scanner

Security checks across malware telemetry and agentic risk

Overview

This is a real security-scanner skill, but it needs review because its persistent hook behavior and some security-coverage claims are under-scoped or misleading.

Install only if you want a persistent OpenClaw security-scanning hook. Review the hook setup before running it, back up any existing clawsec-scanner-hook directory, set CLAWSEC_SCANNER_TARGET narrowly, and do not treat its DAST or Semgrep severity output as complete security assurance without manual review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The header comments claim the runner will execute real hook handlers and validate runtime behaviors, but the implementation only performs static inspection and explicitly states that target code was not executed. In a security scanner, this creates a dangerous false sense of coverage: users may believe malicious hooks were dynamically tested for resilience, timeout, and mutation safety when those checks never occurred.

Intent-Code Divergence

High
Confidence
96% confidence
Finding
The inline documentation overstates the scanner's capabilities by describing dynamic execution and runtime validation that do not occur in code. Because this file belongs to an automated vulnerability scanner, such misrepresentation undermines trust decisions and can cause dangerous hooks to be shipped or approved based on nonexistent DAST coverage.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
This test explicitly codifies incorrect severity handling by asserting that Semgrep severities like ERROR and WARNING should normalize to 'info'. In a vulnerability scanner, that behavior can systematically under-rank real findings, causing downstream triage, alerting, or policy enforcement to miss or de-prioritize significant issues.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The installer unconditionally deletes the existing hook directory with fs.rmSync(..., { recursive: true, force: true }) before copying new files. This can destroy any prior local hook content, user customizations, or unexpectedly replace a trusted hook with new code without confirmation, which is risky because this skill installs code into a persistent execution location under ~/.openclaw/hooks.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list includes generic phrases like "security scan," "run scanner," and "security check," which can plausibly appear in ordinary user conversation and may cause unintended invocation of this skill. Because this skill launches security tooling and subprocess-based scanning workflows, overly broad activation increases the risk of accidental execution against the wrong target, unnecessary resource use, or scanning of sensitive repositories without clear operator intent.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.env_credential_access

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
lib/utils.mjs:24

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/dast_runner.mjs:169

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/setup_scanner_hook.mjs:17

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
test/dast_harness.test.mjs:285

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
test/reviewer_regressions.test.mjs:31

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/query_cve_databases.mjs:65