Openclaw Security Toolkit

Audited by ClawScan on May 1, 2026.

Overview

The skill matches its stated security-audit purpose, but it can inspect OpenClaw credential/access files and change authentication settings when fix commands are used.

This appears to be a purpose-aligned local security toolkit rather than a malicious skill. Before installing, be comfortable with it reading OpenClaw credential/config/access files, avoid sharing its outputs without review, and use --fix or token rotation only when you are ready to change authentication settings.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running scans or reports may expose sensitive OpenClaw credential locations and findings in the agent session or output files.

Why it was flagged

The scanner is intentionally configured to read OpenClaw config, environment, and credential locations that may contain API keys, tokens, or other sensitive account data.

Skill content
"paths": ["~/.openclaw/openclaw.json", "~/.openclaw/.env", "~/.openclaw/credentials/"]
Recommendation

Use this only in a trusted local environment, review generated output before sharing it, and avoid pasting reports with secret findings into public or untrusted places.

What this means

Using --fix may change how OpenClaw authentication works and may require a gateway restart; a mistaken run could disrupt existing access.

Why it was flagged

The hardening path can rotate authentication tokens and write changes to the OpenClaw configuration when fix mode is used.

Skill content
result = rotate_token(length=32) ... config["gateway"]["auth"]["mode"] = "token" ... with open(CONFIG_FILE, 'w') as f: json.dump(config, f, indent=2)
Recommendation

Run fix or token-rotation commands only when you intend to change authentication, and consider backing up the OpenClaw config first.

What this means

Saved reports may contain security findings or file locations that reveal where secrets are stored.

Why it was flagged

Reports are generated with secret-scan information included and can be saved to a user-specified file, creating a persistent artifact that may contain sensitive findings.

Skill content
report = generate_report(format=args.format, deep=args.deep, include_secrets=True) ... Path(args.output).write_text(output)
Recommendation

Store reports securely, delete them when no longer needed, and redact sensitive details before sharing.