LSP Python

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: lsp-python
Version: 1.1.0

The skill bundle is classified as suspicious due to a Local File Inclusion (LFI) vulnerability in `scripts/lsp-python.py`. This script, and its wrappers `scripts/lsp-service.py` and `scripts/check_python.py`, take file paths directly from command-line arguments (`sys.argv`) and use them to read file content (`Path(file_path).read_text()`) without sufficient sanitization or scope validation. An attacker who controls the input arguments to these scripts could instruct the OpenClaw agent to read arbitrary files on the system (e.g., `/etc/passwd`, `~/.ssh/id_rsa`), leading to unauthorized data access. While this is a significant vulnerability, there is no clear evidence of intentional malicious behavior such as data exfiltration to external endpoints or persistence mechanisms.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used with auto-fix on a broad directory, many source files may be rewritten.

Why it was flagged

The batch checker can recurse through a directory and, when auto-fix is selected, run in-place formatting/import-cleanup tools on the discovered Python files.

Skill content

```python
elif p.is_dir():
    py_files.extend([str(f) for f in p.rglob('*.py')])
...
subprocess.run(
    ['autoflake', '--remove-all-unused-imports', '--in-place', filepath],
```

Recommendation

Run auto-fix only on intended project folders, review diffs afterward, and keep backups or version control.

What this means

The installed local pylsp and its plugins will process the files you ask the skill to analyze.

Why it was flagged

The skill starts the local pylsp executable as part of its normal LSP workflow.

Skill content

```python
pylsp = subprocess.Popen(
    ["pylsp"],
    stdin=subprocess.PIPE,
    stdout=subprocess.PIPE,
    stderr=subprocess.PIPE,
```

Recommendation

Use a trusted Python environment or virtual environment for pylsp and install only plugins you trust.

What this means

Dependency behavior depends on what versions are installed in the user's environment.

Why it was flagged

The setup instructions rely on external PyPI packages without pinned versions.

Skill content

- **pylsp**: `pip install python-lsp-server`
- **Optional plugins**:
  - `pip install python-lsp-server[all]`
  - `pip install pylsp-mypy`
  - `pip install pylsp-black`

Recommendation

Install dependencies from trusted sources, preferably in a virtual environment, and pin versions for reproducible use.