AuditClaw Github

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: auditclaw-github
Version: 1.0.2

The OpenClaw skill 'auditclaw-github' is designed for GitHub compliance evidence collection, performing read-only API calls and storing results in a local SQLite database (`~/.openclaw/grc/compliance.sqlite`). The `SKILL.md` and `README.md` clearly state its purpose, the required read-only GitHub token permissions, and its local data storage. The Python scripts (`scripts/github_evidence.py` and `scripts/checks/*.py`) consistently perform read-only GitHub API operations and use parameterized queries for SQLite interactions, preventing SQL injection. While `scripts/github_evidence.py` uses `subprocess.run` to interact with another local OpenClaw skill (`auditclaw-grc/scripts/db_query.py`), the arguments passed are controlled and structured (e.g., file paths, JSON strings), mitigating shell injection risks. There is no evidence of intentional data exfiltration to unauthorized external endpoints, unauthorized remote control, persistence mechanisms, or malicious prompt injection attempts against the agent. The skill's behavior is transparent and aligns with its stated security auditing purpose.