Full Closed-Loop Pipeline

Pass. Audited by ClawScan on May 2, 2026.

Overview

This skill is a user-invoked wrapper that runs other local pipeline skills and saves logs; no malicious behavior is shown, but users should trust and review the dependent skills it calls.

Before installing or running this skill, review the dependent skills it calls under ~/.openclaw/workspace/skills, especially anything that manages profit reports, orchestration, or resilience. Treat the pipeline logs as potentially sensitive local records.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the skill can execute several local tools or other skills on the user's machine.

Why it was flagged

The skill runs shell commands as its core mechanism. The commands are fixed rather than user-supplied, so this is expected for a pipeline wrapper, but users should understand that invoking it executes local scripts.

Skill content

r = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=timeout)

Recommendation

Run it only in a trusted workspace and review the called skills before using the full pipeline.

What this means

The reviewed artifact alone does not show what the dependent skills will do when called.

Why it was flagged

The package delegates core behavior to other skill directories that are not included in this artifact set and are not declared as install requirements. This is coherent for an orchestrator, but the safety of the full run depends on those external skills.

Skill content

"hunter_scan": "python3 ~/.openclaw/workspace/skills/hunter-plus-agent/scripts/hunter_scan.py", ... "health_check": "bash ~/.openclaw/workspace/skills/resilience-agent/scripts/health_monitor.sh"

Recommendation

Install and review the referenced dependent skills separately, especially profit-agent and resilience-agent, before running the pipeline.

What this means

Local log files may retain small pieces of potentially sensitive pipeline output.

Why it was flagged

The script stores snippets of each step's output in persistent JSON logs under the OpenClaw workspace. Those snippets could include dashboard or profit-report information produced by other skills.

Skill content

output = r.stdout[:200] + (r.stderr[:100] if r.stderr else "") ... json.dump(log, f, indent=2)

Recommendation

Check ~/.openclaw/workspace/state/pipeline_logs periodically and delete logs that contain sensitive information.