ClawHub
Back to skill
v0.1.3

Openclaw Security Audit

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:31 AM.

Analysis

This appears to be a coherent local security-audit skill that inspects local files and host state and writes redacted reports, with no artifact-backed exfiltration or destructive behavior.

GuidanceThis skill is appropriate if you want a local OpenClaw security audit. Before installing or running it, be aware that it will inspect local configuration, logs, env files, git-tracked files, workspace documents, and host/network settings, then save reports locally. Run it from the intended directory and keep generated reports in a private location.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
resources/runtime/openclaw_sec/detectors/host_scan.py
ufw = run_command(["ufw", "status"], timeout=5) ... iptables = run_command(["iptables", "-S"], timeout=5) ... result = run_command(["bash", "-lc", "umask"], timeout=5)

The audit invokes local host inspection commands. These are read-only checks aligned with the stated security-audit purpose, but users should know local tools will be run.

User impactRunning the skill may inspect host firewall, SSH, fail2ban, shell umask, network listener, and repository state.
RecommendationRun it only when you intend a local audit; use the documented --no-host or --no-git options if you want to limit host or repository checks.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
resources/run_audit.sh
if ! command -v python3 >/dev/null 2>&1; then
  echo "python3 is required to run openclaw-sec-audit." >&2
  exit 127
fi

The bundled wrapper has a hard local python3 dependency, while the registry requirement section declares no required binaries. This is an under-declared dependency, not evidence of hidden installation or remote code loading.

User impactThe skill may fail to run on systems without python3 even though the registry metadata does not advertise that requirement.
RecommendationVerify python3 is available before use; the skill publisher should declare python3 in the registry requirements.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityMediumConfidenceHighStatusNote
resources/runtime/openclaw_sec/detectors/secret_scan.py
scan_roots = [context.current_dir, context.config_path.parent]
if context.workspace_path:
    scan_roots.append(context.workspace_path)

The secret scanner reads local working-directory, config, and workspace roots, including env files, logs, backups, and OpenClaw workspace documents. This is purpose-aligned, and the report code uses masked examples, but it still handles sensitive local data.

User impactThe audit may read files that contain secrets or long-lived agent memory and then write local reports containing paths, findings, and masked examples.
RecommendationRun it from the intended directory, keep the generated report directory private, and choose a secure --output-dir if the current directory is shared or synced.