ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Security Audit

v1.0.2

⚠️ HIGH PRIVILEGE SECURITY AUDIT SKILL Performs comprehensive security auditing for OpenClaw deployments. Requires system-level access for legitimate securit...

0· 185·0 current·0 all-time
by@iaadoa
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill name/description (OpenClaw security audit) aligns with its actions: reading system state, OpenClaw workspace, process env, ports, cron, file hashes, and producing reports. The declared required commands in SECURITY.md (ss, top, systemctl, journalctl, last, df, find, etc.) match the checks described.
Instruction Scope
SKILL.md directs running the included Python script which performs many read-only system inspections (/etc, ~/.ssh, /proc/{pid}/environ, listening ports, process lists, file hashes). These actions are within audit scope, but SKILL.md also documents opt-in features that perform writes/network activity (Git commits/pushes and Telegram notifications) — the top-level description initially states 'All operations are read-only and local-only', which is misleading without reading the later opt-in details.
Install Mechanism
No install spec or external downloads; the skill is distributed with a bundled Python script and docs. This is lower risk than remote fetch/install mechanisms.
Credentials
Metadata lists no required environment variables (none mandatory). SKILL.md and the script read optional env vars (SECURITY_AUDIT_ENABLE_GIT, SECURITY_AUDIT_ENABLE_TELEGRAM, TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, OPENCLAW_STATE_DIR). These are reasonable for opt-in features, but the skill will read process envs and files that can contain secrets — acceptable for an audit tool but sensitive. The skill does not require external API credentials by default.
Persistence & Privilege
The skill does not request persistent always-on privilege and is user-invocable. It requires elevated filesystem/process read privileges to be effective (expected). Optional Git backup will write/commit to the user's repo only if enabled.
Assessment
This skill appears to be a legitimate high-privilege audit tool, but it carries inherent sensitivity because it reads many system files and process environments. Before installing or running: (1) review the full script contents yourself (or have a trusted reviewer) because it runs many system inspections; (2) do not enable Git/Telegram options unless you understand what will be committed or sent (these are opt-in but will transmit data to remote endpoints if enabled); (3) run audits on systems you own/trust and avoid running as root unless needed (script will warn if root); (4) consider running in an isolated/test environment first to verify outputs; (5) if you need higher assurance, ask the author for reproducible build provenance or a signed release. Confidence is medium because the provided code was only partially visible in the prompt — review the full shipped script before trusting it with sensitive systems.

Like a lobster shell, security has layers — review code before you run it.

latestvk973gb50rv27w9c7xpjcyvrws9831n9p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments