OpenClaw LLM Tools
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a local LLM tool-schema registry and converter with no evidence of exfiltration or persistence, though users should be careful with handler execution examples.
Install this only if you need a local utility for LLM tool definitions and format conversion. Run it on files you choose, avoid copying the eval example, pin dependencies if needed, and add stronger validation and confirmations before exposing side-effectful tools to an LLM.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user registers a tool handler that changes files, calls APIs, or performs other side effects, model-supplied arguments could trigger that behavior.
The registry executes registered Python handlers after basic argument checks. This is central to the skill's purpose, but it means safety depends on only registering trusted, well-scoped handlers.
return tool.handler(**arguments)
Use trusted handlers only, add explicit user confirmation for high-impact actions, and consider full JSON Schema validation before executing tool calls.
A copied eval-based tool could execute arbitrary Python expressions if exposed to model-generated or user-controlled arguments.
The documentation shows eval as an optional example handler. It is not executed by the included code by default, but it is unsafe if copied for untrusted input.
handler=lambda expr: eval(expr) # optional
Do not use eval for calculator or expression tools; use a safe parser, allowlist, sandbox, or dedicated math library.
Future installations could pull a different compatible dependency version than the one originally tested.
The dependency is specified as an open version range rather than an exact pinned version. This is common, but installs may resolve different package versions over time.
jsonschema>=4.0.0
Pin dependency versions or use a lockfile if reproducibility and supply-chain review are important.
