Analysis
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: analysis Version: 1.0.0 The OpenClaw AgentSkills bundle is designed for system self-diagnosis and health checks, including security audits. All commands and instructions across `SKILL.md`, `checks.md`, `remediation.md`, and `tracking.md` are consistent with this stated purpose. The skill explicitly instructs the agent to prioritize security findings and to 'Never hit external APIs speculatively,' which is a strong indicator against malicious data exfiltration. While it uses powerful commands like `grep` to detect secrets and `chmod` to fix SSH key permissions, these are for vulnerability detection and remediation, not for malicious exploitation or unauthorized access. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, prompt injection for harmful purposes, or obfuscation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could access or test sensitive account, token, SSH, and integration state while diagnosing the system.
The skill directs the agent to inspect or validate credential-backed services, bot tokens, SSH access, and local secret references. That is aligned with a health audit, but it is high-impact authority and the artifacts do not clearly bound which accounts, tokens, or servers may be used.
Keychain secrets referenced in secrets-registry.json actually exist; API tokens not expired (Cloudflare, Hetzner, etc.); ... Bot tokens valid (can authenticate); ... Server SSH connections working
Only allow credential and remote-access checks for specific services you approve, require read-only validation where possible, and ensure secret values are never displayed or stored.
An auto-fix could disrupt SSH access, move files the user expected to stay in place, restart services, or close active browser sessions.
The remediation guidance includes commands that change SSH permissions, move memory files, restart the gateway, and close browser sessions. These can be reasonable fixes, but the artifacts do not clearly require user approval before applying them or describe rollback/containment.
Auto-Fix Script Templates ... find ~/.ssh ... -exec chmod 600 ...; find memory/ ... -exec mv {} memory/archive/ \;; openclaw gateway restart; ... browser action=close targetId=<id>Treat findings as read-only by default and require explicit confirmation for each fix, especially file moves, service restarts, browser/session changes, and credential-related changes.
Health history could leave behind records about security findings, broken integrations, or operational state.
The skill can persist health-check history and status into local memory when enabled. This is purpose-aligned and opt-in, but system-health findings may still reveal sensitive operational details if retained too broadly.
Track each analysis run ... analysis-log.json ... findings ... auto_fixed ... user_action_required ... Write to `memory/health-status.md` after each run if user enables persistent tracking.
Enable persistent tracking only if you want this history saved, and prefer summaries that avoid secret values, exact tokens, private endpoints, or unnecessary operational details.
If enabled, checks may run periodically without a direct prompt each time.
The skill documents recurring heartbeat-based checks. This is explicitly opt-in, but it creates scheduled autonomous activity that should remain easy to disable and scope.
Quick checks can run on heartbeat if user opts in: heartbeat_analysis: true; heartbeat_analysis_interval: 4h
Only enable heartbeat analysis if you want recurring checks, set a reasonable interval, and keep the enabled checks limited to safe read-only diagnostics unless you approve fixes.