Skillv1.0.0

ClawScan security

AI Shield — OpenClaw Security Audit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 23, 2026, 10:08 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is internally consistent: it reads local OpenClaw configs, runs a local Node.js audit/sanitizer, and does not request unrelated credentials or install remote code.
Guidance: This skill appears to do what it says: it analyzes and sanitizes local OpenClaw configuration files. Before installing, consider: (1) the tool will read files in your home directory (e.g., ~/.openclaw/openclaw.json) and any config you feed it — these often contain secrets, which the sanitizer attempts to redact but you should still review outputs before sharing; (2) the --live audit tries to run the local 'openclaw' CLI to fetch config — ensure that binary is trusted on your system; (3) the README mentions an optional paid remote audit service (ACP) — the included code does not perform remote uploads, but be cautious if the skill is extended or you opt into any remote/premium feature; (4) source and provenance are unknown in the registry metadata — if you require higher assurance, review the included JS files locally or run the audit in an isolated environment. Overall the package is coherent and appropriate for its stated purpose.

Review Dimensions

Purpose & Capability: okName/description (security audit) match the code and instructions: the CLI and library analyze an OpenClaw JSON, produce a risk report, and can sanitize secrets. The only minor mismatch is the implicit reliance on a local 'openclaw' CLI when using --live (execSync('openclaw config.get')), which is reasonable for a live-audit feature but not declared in SKILL.md's requirements.
Instruction Scope: okSKILL.md instructs the agent to read the user's OpenClaw config (file or stdin) and run the included audit/sanitize tools. The runtime instructions and code consistently operate on local files and stdin; they do not instruct the agent to read unrelated system paths or to exfiltrate data to external endpoints. Reading the user's config (which may contain secrets) is expected for an audit tool.
Install Mechanism: okNo install spec is provided (instruction-only install), and the packaged files are pure Node.js scripts. Nothing is downloaded or extracted at install time. This is a low-risk install model consistent with the skill's stated function.
Credentials: okThe skill declares no required environment variables or credentials and the code does not expect any hidden tokens. The sanitizer contains many regexes to detect common secret formats (AWS, GitHub, private keys, etc.), which is appropriate for a sanitizer/audit tool. There are no unrelated credential requests.
Persistence & Privilege: okThe skill does not request always:true and does not modify other skills or system-wide settings. It can be invoked autonomously (disable-model-invocation:false) which is the platform default; this combined with the skill's limited scope is not excessive.