Skill v1.0.2
ClawScan security
OpenClaw Security Audit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 16, 2026, 4:50 AM
- Verdict: Benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requests and behavior are consistent with a local security-audit tool for OpenClaw, but it performs high-privilege, wide-reaching read operations and exposes optional external features (Git push, Telegram) that you must explicitly enable — review and enable those cautiously.
- Guidance: This skill appears to be a legitimate high-privilege audit tool, but it carries inherent sensitivity because it reads many system files and process environments. Before installing or running: (1) review the full script contents yourself (or have a trusted reviewer) because it runs many system inspections; (2) do not enable Git/Telegram options unless you understand what will be committed or sent (these are opt-in but will transmit data to remote endpoints if enabled); (3) run audits on systems you own/trust and avoid running as root unless needed (the script will warn if root); (4) consider running in an isolated/test environment first to verify outputs; (5) if you need higher assurance, ask the author for reproducible build provenance or a signed release. Confidence is medium because the provided code was only partially visible in the prompt — review the full shipped script before trusting it with sensitive systems.
Review Dimensions
- Purpose & Capability (ok): The skill name/description (OpenClaw security audit) aligns with its actions: reading system state, OpenClaw workspace, process env, ports, cron, file hashes, and producing reports. The declared required commands in SECURITY.md (ss, top, systemctl, journalctl, last, df, find, etc.) match the checks described.
- Instruction Scope (note): SKILL.md directs running the included Python script, which performs many read-only system inspections (/etc, ~/.ssh, /proc/{pid}/environ, listening ports, process lists, file hashes). These actions are within audit scope, but SKILL.md also documents opt-in features that perform writes/network activity (Git commits/pushes and Telegram notifications) — the top-level description initially states 'All operations are read-only and local-only', which is misleading without reading the later opt-in details.
- Install Mechanism (ok): No install spec or external downloads; the skill is distributed with a bundled Python script and docs. This is lower risk than remote fetch/install mechanisms.
- Credentials (note): Metadata lists no required environment variables (none mandatory). SKILL.md and the script read optional env vars (SECURITY_AUDIT_ENABLE_GIT, SECURITY_AUDIT_ENABLE_TELEGRAM, TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, OPENCLAW_STATE_DIR). These are reasonable for opt-in features, but the skill will read process envs and files that can contain secrets — acceptable for an audit tool but sensitive. The skill does not require external API credentials by default.
- Persistence & Privilege (ok): The skill does not request persistent always-on privilege and is user-invocable. It requires elevated filesystem/process read privileges to be effective (expected). Optional Git backup will write/commit to the user's repo only if enabled.
