Agent Audit Scanner

v0.1.0

Security scanner for OpenClaw skills. Detects prompt injection, credential leaks, unsafe code execution, MCP misconfigurations, privilege escalation, obfusca...

by Heady @headyzhang
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (security scanner for OpenClaw skills) aligns with required binaries (python3), declared file_reads (~/.openclaw/skills/** and ~/.openclaw/openclaw.json) and the bundled scripts which discover and scan skill directories. Reading those paths is expected for this purpose.
Instruction Scope
SKILL.md and bundled scripts instruct the agent to read all managed/workspace skills and the OpenClaw config, run the bundled Python scripts, and invoke the external 'agent-audit' CLI. All of these are within scope for a scanner, but the instructions also tell the agent to install/run an external PyPI package ('agent-audit') if missing, which introduces a network fetch and external-code execution step that users should be aware of.
Install Mechanism
There is no registry install spec, but the scripts will try to install 'agent-audit' via pip at runtime. Installing from PyPI is a reasonable design choice for a wrapper, but it is a moderate-risk action (network fetch, arbitrary package code). The bundled code itself does not download arbitrary archives or write unknown binaries to nonstandard locations.
Credentials
The skill declares no required environment variables or credentials and the scripts do not request or exfiltrate secrets. The scanner inspects OpenClaw config files for hardcoded secrets but does not transmit them anywhere. The requested file reads are proportional to the scanning purpose.
Persistence & Privilege
'always' is false, persistence is false, and the skill does not request system-wide writes or modify other skills' configs. Autonomous invocation is marked restricted in SKILL.md; nothing indicates the skill will persist or gain elevated privileges.
Assessment
This skill appears to do what it claims (scan installed skills and OpenClaw config). Before installing or running it:
(1) review the upstream 'agent-audit' project (SKILL.md frontmatter points at https://github.com/HeadyZhang/agent-audit) and confirm you trust the PyPI package name, since the scripts will pip-install and run that tool;
(2) recognize the scanner needs read access to ~/.openclaw/skills/** and ~/.openclaw/openclaw.json; check you are comfortable granting that;
(3) running the scripts may install packages (network fetch) and will execute an external CLI (ensure no malicious 'agent-audit' is present earlier on PATH);
(4) if you want extra safety, run the scanner from an isolated environment (VM/container) or inspect the agent-audit source locally before allowing the skill to auto-install it;
(5) note a minor metadata inconsistency: registry metadata showed no homepage/source but SKILL.md includes a GitHub URL; verify that ownership/source are what you expect.

Like a lobster shell, security has layers — review code before you run it.

latestvk977458etep6h8jg8ytjk8p0m182bwkm


Runtime requirements

🛡️ Clawdis
OS: macOS · Linux · Windows
Bins: python3
