Openclaw Security Audit

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent local security-audit skill that inspects local files and host state and writes redacted reports. The reviewed artifacts show no evidence of exfiltration or destructive behavior.

This skill is appropriate if you want a local OpenClaw security audit. Before installing or running it, be aware that it will inspect local configuration, logs, env files, git-tracked files, workspace documents, and host/network settings, then save reports locally. Run it from the intended directory and keep generated reports in a private location.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Low
What this means

Running the skill may inspect host firewall, SSH, fail2ban, shell umask, network listener, and repository state.

Why it was flagged

The audit invokes local host inspection commands. These are read-only checks aligned with the stated security-audit purpose, but users should know local tools will be run.

Skill content
ufw = run_command(["ufw", "status"], timeout=5)
...
iptables = run_command(["iptables", "-S"], timeout=5)
...
result = run_command(["bash", "-lc", "umask"], timeout=5)
Recommendation

Run it only when you intend a local audit; use the documented --no-host or --no-git options if you want to limit host or repository checks.

ASI06: Memory and Context Poisoning
Medium
What this means

The audit may read files that contain secrets or long-lived agent memory and then write local reports containing paths, findings, and masked examples.

Why it was flagged

The secret scanner reads local working-directory, config, and workspace roots, including env files, logs, backups, and OpenClaw workspace documents. This is purpose-aligned, and the report code uses masked examples, but it still handles sensitive local data.

Skill content
scan_roots = [context.current_dir, context.config_path.parent]
if context.workspace_path:
    scan_roots.append(context.workspace_path)
Recommendation

Run it from the intended directory, keep the generated report directory private, and choose a secure --output-dir if the current directory is shared or synced.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

The skill may fail to run on systems without python3 even though the registry metadata does not advertise that requirement.

Why it was flagged

The bundled wrapper has a hard local python3 dependency, while the registry requirement section declares no required binaries. This is an under-declared dependency, not evidence of hidden installation or remote code loading.

Skill content
if ! command -v python3 >/dev/null 2>&1; then
  echo "python3 is required to run openclaw-sec-audit." >&2
  exit 127
fi
Recommendation

Verify python3 is available before use; the skill publisher should declare python3 in the registry requirements.