v1.0.0

Threat Radar

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 6:03 AM.

Analysis

Threat Radar is broadly aligned with security monitoring, but it overstates its CVE-feed coverage and asks for broad local, network, and persistent monitoring authority that users should review carefully.

GuidanceReview this skill before installing. Do not rely on its vulnerability results as complete until the CVE feed implementation is fixed and coverage is clearly disclosed. If you use it, run scans only on authorized systems, protect its stored reports and database, and be cautious with cron scheduling and external chat alerts.

Findings (7)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation

SeverityHighConfidenceHighStatusConcern

threat_radar.py

# Mock NVD data (in production, parse actual NVD API) ... cve_data["github"] = {}

SKILL.md advertises automatic NVD and GitHub Advisory feeds and large CVE database counts, but the included fetch routine writes only a small hard-coded NVD sample and an empty GitHub dataset. That can make scan results look more authoritative than they are.

User impactYou could believe your stack was checked against current public CVE feeds when it was only compared against a small built-in sample, creating a false sense of security.

RecommendationTreat this as a demo or incomplete scanner until it implements real, current CVE feeds and clearly discloses coverage limits in reports.

Tool Misuse and Exploitation

SeverityMediumConfidenceHighStatusNote

SKILL.md

threat-radar scan --docker ... scan --deps <path> ... scan --ports ... scan --openclaw ... scan --exposed

The skill exposes broad local and network scanning functions. This is expected for a security posture scanner, but it can enumerate Docker images, dependency manifests, ports, OpenClaw configuration, and exposed services.

User impactRunning scans can reveal or map your local software, containers, and network services.

RecommendationRun it only on systems and networks you own or are authorized to assess, and review scan scope before using full scans.

Rogue Agents

SeverityLowConfidenceHighStatusNote

SKILL.md

threat-radar cron-install            # Set up scheduled daily scans + CVE checks

The skill supports recurring scheduled scans. This is consistent with continuous monitoring and appears user-directed, but it means the scanner can keep running after the initial setup.

User impactIf enabled, scans may continue in the background and repeatedly access local/network inventory.

RecommendationEnable cron scheduling only if you want ongoing monitoring, and use the documented cron removal command when no longer needed.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

metadata

Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

The artifacts provide limited provenance and no clear installation mechanism for a tool that performs broad security monitoring. This is not proof of malicious behavior, but it lowers supply-chain confidence.

User impactIt may be harder to verify who maintains the scanner or how the documented CLI is meant to be installed and updated.

RecommendationReview the included code and provenance before trusting it with local security inventory.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusNote

threat_radar.py

subprocess.run(["docker", "images", "--format", "{{.Repository}}:{{.Tag}} {{.ID}}"], capture_output=True, text=True, timeout=30)

The code enumerates local Docker images through the Docker CLI. This is purpose-aligned and read-only in the shown snippet, but Docker access can represent elevated local authority and exposes image inventory.

User impactA user or agent running this with Docker access may expose details about local containers and images.

RecommendationUse it under a trusted account, and avoid granting Docker access more broadly than needed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

threat_radar.py

self.db_file = self.config_dir / "threat-radar.db" ... self.history_file = self.config_dir / "history.jsonl" ... package TEXT, version TEXT

The scanner persists scan data, CVE findings, package names, versions, watches, logs, and history under the OpenClaw workspace. This supports reporting but creates a local inventory of potentially sensitive security posture data.

User impactAnyone with access to those files may learn what software you run and which vulnerabilities were found.

RecommendationProtect the monitoring directory, avoid sharing reports or databases unintentionally, and delete stored history if you no longer need it.

Insecure Inter-Agent Communication

SeverityMediumConfidenceMediumStatusNote

SKILL.md

Alerts you via WhatsApp/Telegram/Discord when new vulnerabilities affect your stack.

Alerting through third-party messaging channels can transmit vulnerability and environment details outside the local workspace. This is disclosed and purpose-aligned, but the artifacts do not clearly define destination, token handling, or data-minimization boundaries.

User impactSecurity findings about your stack could be sent to external chat services if alerting is configured.

RecommendationUse only trusted alert channels, verify webhook or bot destinations, and avoid sending detailed inventory unless necessary.