AuditClaw Idp
Advisory
Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Risk: A user may grant broader Google Workspace audit-log access than the advertised checks need.
Detail: The setup asks users to grant an additional Google Admin Reports audit-read scope even though the security model says only Directory user read access is used, and the visible checks only require user/admin directory data.
Evidence: Security Model: "Google Workspace uses `admin.directory.user.readonly` scope only." ... Grant OAuth Scopes: `https://www.googleapis.com/auth/admin.directory.user.readonly`; `https://www.googleapis.com/auth/admin.reports.audit.readonly`
Recommendation: Grant only the minimum Google scopes the checks need; request the Reports audit-read scope only if the skill actually implements audit-log collection and documents it clearly.

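One way to verify a scope request like the one above before granting it is to derive the scopes from the Admin SDK endpoints the skill's scripts actually reference and diff them against the scopes the setup asks for. The following is an added example written for this note, not ClawScan or AuditClaw code. It assumes the scripts embed Admin SDK URL literals (discovery-client calls would need a different matcher), and the endpoint-to-scope mapping is my reading of Google's Admin SDK documentation; verify it against the current docs. The sample source snippet is constructed.

```python
"""Audit requested Google OAuth scopes against the Admin SDK endpoints a skill
actually calls. Added example; not part of AuditClaw or ClawScan."""
import re

# Assumed mapping from Admin SDK REST path prefixes to the narrowest read-only
# scope that authorizes them, based on Google's Admin SDK docs as I read them.
# Verify against the current documentation before relying on it.
ENDPOINT_SCOPES = {
    "/admin/directory/v1/users":  "https://www.googleapis.com/auth/admin.directory.user.readonly",
    "/admin/directory/v1/groups": "https://www.googleapis.com/auth/admin.directory.group.readonly",
    "/admin/reports/v1/activity": "https://www.googleapis.com/auth/admin.reports.audit.readonly",
}

# Matches Admin SDK URL literals embedded in source text and captures the
# resource path (e.g. /admin/directory/v1/users), ignoring query strings.
_ENDPOINT_RE = re.compile(
    r"https://admin\.googleapis\.com(/admin/(?:directory|reports)/v1/[a-z]+)"
)

def referenced_endpoints(source: str) -> set[str]:
    """Admin SDK resource paths referenced anywhere in the given source text."""
    return set(_ENDPOINT_RE.findall(source))

def required_scopes(source: str) -> set[str]:
    """Minimal read-only scopes implied by the endpoints the source references."""
    needed = set()
    for path in referenced_endpoints(source):
        for prefix, scope in ENDPOINT_SCOPES.items():
            if path.startswith(prefix):
                needed.add(scope)
                break
    return needed

def excess_scopes(requested, source) -> set[str]:
    """Scopes the setup asks for that no referenced endpoint needs."""
    return set(requested) - required_scopes(source)

def missing_scopes(requested, source) -> set[str]:
    """Scopes a referenced endpoint needs that the setup never asks for."""
    return required_scopes(source) - set(requested)

# Constructed sample: a check that lists users and reads isAdmin / MFA flags.
SAMPLE_SOURCE = '''
url = "https://admin.googleapis.com/admin/directory/v1/users?customer=my_customer"
resp = session.get(url, headers={"Authorization": f"Bearer {token}"})
'''

# The two scopes this note says the setup asks users to grant.
REQUESTED_SCOPES = [
    "https://www.googleapis.com/auth/admin.directory.user.readonly",
    "https://www.googleapis.com/auth/admin.reports.audit.readonly",
]

if __name__ == "__main__":
    for scope in sorted(excess_scopes(REQUESTED_SCOPES, SAMPLE_SOURCE)):
        print("requested but unused:", scope)
    for scope in sorted(missing_scopes(REQUESTED_SCOPES, SAMPLE_SOURCE)):
        print("needed but not requested:", scope)
```

Against the constructed sample the Reports audit-read scope comes back as requested but unused, which is exactly the mismatch the note describes; if a later version of the scripts starts calling `/admin/reports/v1/activity`, the same diff flips to reporting nothing excess.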
Risk: If a highly privileged admin creates the Okta API token, that token inherits that admin's permissions even though the skill only intends to read data.
Detail: The Okta token model can give the skill credentials with broader account authority than the read-only API calls shown in the code; how much broader depends on which admin creates the token.
Evidence: "note": "Okta API tokens inherit the permissions of the admin who creates them. Use a read-only admin or Super Admin with care."
Recommendation: Create the Okta token from the least-privileged read-only admin role available, restrict its use to this skill, and revoke it when it is no longer needed.

Risk: Sensitive identity-security posture information remains in the local GRC database after the scan.
Detail: The skill persistently stores identity-provider evidence, which can include user emails, MFA status, admin status, login activity, and policy details.
Evidence: Data flow: Check results stored as evidence in `~/.openclaw/grc/compliance.sqlite` via auditclaw-grc
Recommendation: Protect the compliance database with restrictive filesystem permissions, access controls, backup handling, and retention rules that match the sensitivity of the evidence it holds.

Risk: Running the sweep changes the local compliance database by adding evidence and integration status records.
Detail: The skill invokes another local AuditClaw script to add evidence to the GRC database. The command is structured and purpose-aligned, but it is still a local tool chain that mutates persistent data.
Evidence: cmd = [sys.executable, db_query, "--db-path", db_path, "--action", "add-evidence", ...] proc = subprocess.run(cmd, capture_output=True, text=True)
Recommendation: Run it only against the intended database path, and confirm that auditclaw-grc is the expected companion skill before the sweep writes to it.

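The two preceding notes (protecting `compliance.sqlite` and running the evidence write only against the intended database and companion script) can be enforced with a few guards around the command shown in the evidence. The following is an added example written for this page, not AuditClaw code. The `~/.openclaw/grc` location comes from the data-flow note; `companion_dir` (wherever auditclaw-grc is installed) and the `db_query.py` script name are assumptions, and `run_demo` exercises the guards in a throwaway directory with a constructed, deliberately world-readable database file.

```python
"""Guards around the auditclaw-grc evidence write: confine the database path,
check the companion script is where it should be, and make sure the SQLite
file is not group/world readable. Added example; not AuditClaw code."""
import os
import shutil
import stat
import subprocess
import sys
import tempfile
from pathlib import Path

# Directory the page's data-flow note says the compliance database lives in.
GRC_HOME = Path.home() / ".openclaw" / "grc"

def confined_path(candidate, base) -> Path:
    """Resolve candidate (following symlinks) and refuse anything outside base."""
    base = Path(base).expanduser().resolve()
    resolved = Path(candidate).expanduser().resolve()
    if resolved != base and base not in resolved.parents:
        raise ValueError(f"{resolved} is outside {base}")
    return resolved

def db_mode_ok(db_path) -> bool:
    """True when the database file has no group or other permission bits set."""
    mode = stat.S_IMODE(os.stat(db_path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0

def tighten_db_mode(db_path) -> int:
    """Restrict the database to its owner and return the resulting mode."""
    os.chmod(db_path, 0o600)
    return stat.S_IMODE(os.stat(db_path).st_mode)

def build_add_evidence_cmd(db_query, db_path, companion_dir, grc_home=GRC_HOME, extra=()):
    """Assemble the command from the page's snippet only after both paths pass.
    companion_dir is an assumption: wherever the auditclaw-grc skill is installed."""
    script = confined_path(db_query, companion_dir)
    if not script.is_file():
        raise FileNotFoundError(f"companion script missing: {script}")
    db = confined_path(db_path, grc_home)
    return [sys.executable, str(script), "--db-path", str(db),
            "--action", "add-evidence", *extra]

def run_add_evidence(cmd):
    """Same call shape as the page's snippet; separate so the guards are testable
    without executing anything."""
    return subprocess.run(cmd, capture_output=True, text=True)

def run_demo() -> dict:
    """Exercise the guards in a throwaway tree and report what each one decided."""
    root = Path(tempfile.mkdtemp())
    try:
        grc = root / "grc"; grc.mkdir()
        companion = root / "auditclaw-grc"; companion.mkdir()
        db = grc / "compliance.sqlite"; db.touch()
        os.chmod(db, 0o644)                    # constructed: database left world-readable
        script = companion / "db_query.py"; script.touch()   # assumed script name
        out = {"mode_before": db_mode_ok(db)}
        out["mode_after"] = tighten_db_mode(db)
        out["mode_ok"] = db_mode_ok(db)
        cmd = build_add_evidence_cmd(script, db, companion, grc_home=grc)
        out["cmd_db_path"] = cmd[3]
        try:   # a path that climbs out of the GRC directory must be refused
            build_add_evidence_cmd(script, root / ".." / "elsewhere.sqlite", companion, grc_home=grc)
            out["escape_blocked"] = False
        except ValueError:
            out["escape_blocked"] = True
        link = grc / "link.sqlite"             # a symlink inside grc pointing outside it
        link.symlink_to(root / "outside.sqlite")
        try:
            confined_path(link, grc)
            out["symlink_blocked"] = False
        except ValueError:
            out["symlink_blocked"] = True
        return out
    finally:
        shutil.rmtree(root)

if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

`confined_path` resolves before comparing, so a symlink dropped into `~/.openclaw/grc` that points elsewhere is rejected the same way a `../` path is; the mode check is deliberately separate from the fix so a scheduled sweep can alert on a loosened file rather than silently re-tightening it.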
Risk: Users may need to inspect and install dependencies manually rather than relying on registry install metadata.
Detail: The registry-level install information does not reflect that SKILL.md describes executable Python scripts and a pip requirements file.
Evidence: Install specifications: No install spec — this is an instruction-only skill.
Recommendation: Review scripts/requirements.txt before installing, and install the Python dependencies into a dedicated virtual environment.

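A manual review of a requirements file is easier if the lines that deserve attention are surfaced first: unpinned specifiers, direct URL or VCS references, editable installs, and options that change where pip fetches from. The following is an added example written for this note, not AuditClaw code. The sample requirements text is constructed (the placeholder hash is all zeros) and does not reflect the skill's real scripts/requirements.txt; `install_commands` only returns the commands a user would run by hand and executes nothing.

```python
"""Pre-install review of a pip requirements file. Added example; not part of
AuditClaw. Flags lines a reviewer should look at before anything is installed."""
import re
import sys
from pathlib import Path

# name, optional [extras], then == version; anything else counts as unpinned
_PIN_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*\s*(?:\[[^\]]*\])?\s*==\s*[^\s;#]+")
_URL_RE = re.compile(r"(?:git\+|hg\+|svn\+|bzr\+|https?://|file:)")

def review_requirements(text: str) -> list:
    """Return (line_no, line, issue) for every line that needs a human look."""
    issues = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        if line.startswith(("-r", "--requirement", "-c", "--constraint")):
            issues.append((n, line, "pulls in another file; review that file too"))
        elif line.startswith(("-e", "--editable")):
            issues.append((n, line, "editable install runs the package's build code from a local or VCS path"))
        elif line.startswith(("--index-url", "-i", "--extra-index-url", "--trusted-host", "--find-links", "-f")):
            issues.append((n, line, "changes where packages come from; confirm the source is intended"))
        elif line.startswith("-"):
            issues.append((n, line, "pip option; check what it does"))
        elif _URL_RE.search(line):
            issues.append((n, line, "direct URL/VCS dependency bypasses the index; pin to a commit or hash"))
        elif not _PIN_RE.match(line):
            issues.append((n, line, "not pinned with ==; what gets installed can change between runs"))
        elif "--hash=" not in line:
            issues.append((n, line, "pinned but no --hash; cannot use pip's hash-checking mode"))
    return issues

def fully_hashed(text: str) -> bool:
    """True only if every requirement line carries --hash, the precondition for
    pip's --require-hashes mode."""
    lines = [l.split("#", 1)[0].strip() for l in text.splitlines()]
    reqs = [l for l in lines if l and not l.startswith("-")]
    return bool(reqs) and all("--hash=" in l for l in reqs)

def install_commands(req_text: str, req_path, venv_dir) -> list:
    """Commands to run by hand: create a dedicated venv, then pip from inside it.
    --require-hashes is added only when every line has a hash, because pip
    otherwise refuses the whole file."""
    venv_python = Path(venv_dir) / ("Scripts" if sys.platform == "win32" else "bin") / "python"
    pip = [str(venv_python), "-m", "pip", "install"]
    if fully_hashed(req_text):
        pip.append("--require-hashes")
    pip += ["-r", str(req_path)]
    return [[sys.executable, "-m", "venv", str(venv_dir)], pip]

# Constructed sample, not the skill's real scripts/requirements.txt; the hash is a placeholder.
SAMPLE_REQUIREMENTS = """\
# constructed sample
requests==2.32.3 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
google-api-python-client>=2.0
okta
somepkg @ git+https://github.com/example/somepkg.git@main
--extra-index-url https://pypi.example.internal/simple
"""

if __name__ == "__main__":
    for n, line, issue in review_requirements(SAMPLE_REQUIREMENTS):
        print(f"line {n}: {issue}\n    {line}")
    for cmd in install_commands(SAMPLE_REQUIREMENTS, "scripts/requirements.txt", ".venv"):
        print(" ".join(cmd))
```

The checker is deliberately conservative: a fully pinned, fully hashed file produces no findings and gets `--require-hashes`, while anything that widens the resolution (a range, a bare name, an extra index, a VCS URL) is listed with the reason, so the reviewer decides rather than pip.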
