ClawCheck
v2.0.1
Performs a two-phase audit combining a fast deterministic scan and a deep LLM quality review of security, cron jobs, config, and skills.
⭐ 0 · 76 · 0 current · 0 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The skill name/description match its contents: SKILL.md and included scripts/audit.py perform structural scans and LLM-guided reviews of OpenClaw config, cron, and skills. Declared requirement (python3) matches the provided Python script. No unrelated binaries, env vars, or network downloads are requested.
Instruction Scope
Runtime instructions explicitly tell the agent to run the included script and to read ~/.openclaw/openclaw.json, cron/jobs.json, and skill SKILL.md files for Phase 2 reviews. These reads are within scope for an audit. Note: Phase 2 intentionally examines workspace/skill files and may surface sensitive content (inline secrets, tokens) — this is by-design for a secrets audit.
Install Mechanism
No install spec or remote downloads; this is instruction-only with a bundled Python script. The script uses only stdlib. No extract-from-URL or third-party package installation is present.
Credentials
The skill declares no required environment variables or credentials and only expects python3. The script will read OPENCLAW_DIR / OPENCLAW_STATE_DIR if set (reasonable for locating config). The remediation docs reference 1Password examples but the skill does not demand any secret/provider variables itself.
Persistence & Privilege
always:false (normal). disable-model-invocation:false (agent may invoke autonomously) — this is the platform default. Because the skill instructs reading local configs and workspace files, granting an agent autonomous invocation could expose local secrets if the agent is allowed to exfiltrate data; this is an operational consideration rather than an incoherence in the skill itself.
Assessment
This skill appears internally consistent for performing a local OpenClaw audit, but it intentionally reads configuration, cron job definitions, skill SKILL.md files, and workspace content — some of which can contain sensitive secrets. Before installing or running a full audit: (1) review scripts/audit.py locally to confirm behavior (it's stdlib-only and outputs JSON); (2) run Phase 1 (python3 scripts/audit.py) first to get deterministic findings without using your LLM quota; (3) when performing Phase 2, be mindful that the agent will read potentially sensitive files — avoid granting network or export privileges to the agent if you do not want findings sent off-host; (4) consider running the audit in an isolated environment or after removing/masking known secrets; and (5) if you use autonomous agent invocation, review agent policies/permissions to limit unintended data exfiltration.
Like a lobster shell, security has layers — review code before you run it.
Tags: audit, config, cron, doctor, health, latest, openclaw, quality, security, skills
