Jason's OpenClaw Security Scanner

v1.0.0

Scans OpenClaw configuration permissions and security risks. Use this skill when the user mentions "security scan", "permission check", "security check", "scan permissions" or "check configuration security". It outputs the specific vulnerabilities found, a security score and remediation suggestions, and supports interactive one-click fixes.

Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name and description claim a local OpenClaw security scanner; the skill includes a Python scanner that inspects OpenClaw config, workspace files, operation rules, permissions and sensitive data and offers fixes — these capabilities are coherent with the stated purpose.
Instruction Scope
SKILL.md instructs the agent to run the included script and describes scanning of configuration files, directory permissions, operation rules and sensitive data. The script walks the user's workspace (~/.openclaw/workspace) and reads many files — this is expected for a scanner but means the skill will read potentially large amounts of local data. Fix actions (chmod, config edits, moving secrets to env vars, adding rules) are supported and are invoked explicitly via --interactive or --fix-all; ensure you understand which fixes will be applied.
Install Mechanism
No install spec; this is an instruction-only skill with one Python script. No external downloads or package installs are requested.
Credentials
The skill requires no environment variables or external credentials. It does suggest moving discovered secrets into environment variables as a remediation, which is reasonable for the purpose but not requested by the skill itself.
Persistence & Privilege
The skill is not always-enabled. It can modify local files when run with --interactive or --fix-all (auto-fix types include chmod, config updates, adding rules, and setting env vars). That file-modification ability is coherent with a remediation tool, but you should be aware it can change config and filesystem state when invoked.
Assessment
This skill appears to be what it says: a local OpenClaw configuration and permission scanner that can also apply fixes. Before running: (1) review the script source if you are unsure; (2) run in read-only mode first (no --fix-all) to review findings; (3) prefer the interactive mode so you can approve each change; (4) back up important configuration files (e.g., openclaw.json, TOOLS.md) before using automatic fixes; (5) be cautious about any automated move of secrets into environment variables — ensure your environment management is secure. If you plan to let an autonomous agent call this skill, note it can modify files when invoked with fix flags, so restrict autonomous invocation or require explicit user confirmation.


Tags: latest · openclaw · scanner · security

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
