Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Xerg
v0.1.10Audit OpenClaw workflows in dollars. Local-first audits with compare mode, remote and Railway support, CI gates, and structured recommendations.
⭐ 0· 143·0 current·0 all-time
byJason Curry@jasonacurry
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description match the instructions: the skill is an instruction-only wrapper telling the agent to run the external @xerg/cli (or npx). Asking to read gateway logs and session transcripts is consistent with an auditing tool. Minor inconsistency: registry metadata lists no source/homepage while README and SKILL.md claim an npm package and GitHub repo; that should be verified externally.
Instruction Scope
The runtime instructions explicitly direct reading local files (/tmp/openclaw/*.log and ~/.openclaw/agents/*/sessions/*.jsonl) and support copying remote files over SSH or Railway. Those session transcripts can contain user prompts/responses and sensitive data. The skill asserts 'stores economic metadata and audit snapshots locally, not prompt or response content,' but it also instructs reading transcripts — the SKILL.md does not explain how prompts/responses are filtered or what exactly is sent when using --push. The push path is user-triggered, but lack of clear data-sanitization rules is a scope concern.
Install Mechanism
Instruction-only skill with no install spec or bundled code — lowest install risk. It simply instructs usage of an external CLI (npm package @xerg/cli) via npx if not installed. That external dependency is normal but outside this skill's bundle.
Credentials
The skill declares no required env vars. It does document optional credentials for pushing (XERG_API_KEY, ~/.xerg/config.json, or xerg login), which are appropriate for the push/CI use case. Because push transmits data to an external API, requiring an API key is proportionate but worth verifying (who receives data, what is transmitted).
Persistence & Privilege
always:false and no install actions; the skill does not request persistent platform privileges. It mentions local storage of snapshots/config under ~/.xerg, which is reasonable for a CLI, but this is user-controlled and not enforced by the skill itself.
What to consider before installing
This skill appears to be a local-first audit wrapper for an external CLI and largely behaves as described, but take these precautions before installing or using it: 1) Verify the upstream package/repository (README points to npm/@xerg/cli and github.com/xergai/xerg) because the registry entry here lacks source/homepage. 2) Inspect what the CLI would send on --push: do not use --push or store XERG_API_KEY if your logs/sessions contain sensitive prompts, secrets, or PII. 3) If you must audit, run xerg doctor with explicit --log-file and --sessions-dir paths (avoid broad home/glob paths) and inspect local snapshots (~/.xerg) to confirm they contain only aggregated economics metadata. 4) For remote audits, prefer running the CLI directly on the remote host or review the remote-config and rsync commands to ensure private keys/credentials are not copied to third parties. 5) If you plan to install the npm package, review its repository and package contents (or run npx with caution) to confirm behavior and data flows. If you want, I can try to fetch and summarize the GitHub/npm sources (if publicly available) so you can confirm the implementation matches the documentation.Like a lobster shell, security has layers — review code before you run it.
auditvk97bytgc5npmspzyrmw8rzxw7x84ax7tclivk97bytgc5npmspzyrmw8rzxw7x84ax7tcostvk97bytgc5npmspzyrmw8rzxw7x84ax7tefficiencyvk97bytgc5npmspzyrmw8rzxw7x84ax7tfinopsvk97bytgc5npmspzyrmw8rzxw7x84ax7tlatestvk97bytgc5npmspzyrmw8rzxw7x84ax7topenclawvk97bytgc5npmspzyrmw8rzxw7x84ax7twastevk97bytgc5npmspzyrmw8rzxw7x84ax7t
License
MIT-0
Free to use, modify, and redistribute. No attribution required.