enterprise-security-suite
Warn: Audited by ClawScan on May 10, 2026.
Overview
This security skill is not clearly malicious, but it changes persistent agent memory and its advertised safety checks do not actually enforce the protections they promise.
Review carefully before installing. Do not rely on this skill as a real high-risk approval gate unless the confirmation and skill-check API mismatches are fixed. If you activate it, understand that it writes persistent memory rules through Docker/psql and keep a plan to remove those memory entries if needed.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may believe dangerous actions are blocked until approval, while an agent relying on this function could continue immediately.
The advertised high-risk confirmation function only prints a confirmation request and then returns success. It does not read the user's reply or check CONFIRM_KEYWORDS, despite SKILL.md claiming high-risk operations require explicit confirmation.
console.log(`请回复:"确认"/"Y"/"是" 继续。\n`); return true;
Implement a real blocking approval flow that waits for user input, validates the allowed confirmation words, and returns false or throws when confirmation is absent.
The skill-install safety check may give users false confidence that high-risk skills will be rejected automatically.
The documented high-risk blocking example checks result.risk, but modules/security-check.js returns overallRisk instead. Code following the documentation would not block high-risk skills as shown.
if (result.risk === 'high') {
throw new Error('高风险技能,拒绝安装');
}
Align the API and documentation, for example by returning risk as documented or updating all examples to check overallRisk.
The skill can change the agent's future behavior until those memory entries are removed or overwritten.
The activation script persists decision-category memory entries that future agent sessions may trust and reuse.
INSERT INTO memories (agent, category, key, content, importance) VALUES ('Cloud', '${mem.category}', '${mem.key}', ...)
Review the exact memory keys before activation and provide a clear uninstall or disable procedure for removing them.
Running activation can modify local OpenClaw memory state and may fail or behave unexpectedly if the assumed Docker container/database is different.
Manual activation executes a shell command that writes directly to the local memory database. This is disclosed and purpose-aligned, but it is a powerful operation and Docker is not declared as a requirement.
execSync(`docker exec -i pgmemory psql -U openclaw -d openclaw -c "${sql}"`, { stdio: 'pipe' });
Run the activation script only after reviewing it; prefer a scoped official memory API and declare required binaries/services.
Users have less assurance about origin and may not realize the activation step needs local runtime tools.
The package lacks clear provenance and under-declares setup requirements even though SKILL.md instructs running Node code and activate.js invokes Docker.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill; Required binaries: none
Install only from a trusted source, add a homepage/repository, and declare Node/Docker or database assumptions explicitly.
