Openclaw Security Audit
Security checks across malware telemetry and agentic risk
Overview
This is a coherent, read-only security-audit skill, but doing its job means inspecting local system configuration, service logs, running processes, listening sockets, and the places where secrets are typically stored.
The skill appears appropriate for a security review, but its output is a map of sensitive local system details. Run it only in an environment you are authorized to audit, treat the report as confidential until it has been reviewed, and approve any remediation command only after checking exactly what it will change.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill can place process lists, open ports, service logs, and the locations of privileged (setuid) binaries into the audit report.
The skill documents shell-based host inspection commands. These are read-only and purpose-aligned for a security audit, but they expose broad local system state to the agent, and "read-only" does not mean "safe to disclose": process command lines and service logs can carry tokens, URLs with embedded credentials, or other material that should not appear in a shared report.
`ss -tulpen`; `ps aux | grep -i openclaw-gateway`; `journalctl -u openclaw-gateway --no-pager -n 200`; `find / -perm -4000 -type f 2>/dev/null | head -n 200`
Run it only on machines you own or administer, review the generated report before sharing it, and require confirmation for any remediation commands.
The skill may identify where tokens, environment files, or backups are stored and include those paths in its output.
The audit intentionally looks for credential and secret-storage risks. The artifact includes safeguards to avoid reporting secret values, but the workflow still touches sensitive areas.
Check for plaintext secret locations: `~/.openclaw/` directories; `.env` files, token dumps, backups ... Report only **paths**, never contents.
Do not share the report publicly without reviewing it, and ensure any discovered secret paths or exposed tokens are handled according to your security process.
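The following shell script is an added example illustrating the two safeguards described above: the host-inspection commands and the secret-location sweep report only paths and file metadata, never contents, and remediation is suggested for review rather than executed. It is not the skill's own code; the sample directory tree it builds under `mktemp -d` is constructed for the demo, and the filename patterns (`.env`, `*token*`, `*.bak`, `*backup*`, `*.pem`, `*.key`) are an assumed starting list, not the skill's actual rules.

```shell
#!/bin/sh
# Read-only secret-location sweep (added example, not the skill's own code).
# Prints "mode size path" for candidate secret stores; file contents are never read
# into the report. Filename patterns below are an assumption for illustration.

# list_secret_paths DIR -> one line per candidate file: octal mode, byte size, path
list_secret_paths() {
    dir="$1"
    [ -d "$dir" ] || return 0
    find "$dir" -type f \( -name '.env' -o -name '.env.*' -o -name '*token*' \
         -o -name '*.pem' -o -name '*.key' -o -name '*.bak' -o -name '*backup*' \) \
         2>/dev/null |
    while IFS= read -r f; do
        # GNU stat first; fall back to the BSD/macOS form if -c is not understood
        mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
        size=$(wc -c < "$f" | tr -d ' ')
        printf '%s %s %s\n' "$mode" "$size" "$f"
    done
}

# loose_perm_paths DIR -> subset whose group/other bits are not both zero
loose_perm_paths() {
    list_secret_paths "$1" | while read -r mode size f; do
        case "$mode" in
            *00) ;;                                  # owner-only (600, 400, 700 ...)
            *)   printf '%s %s\n' "$mode" "$f" ;;    # readable beyond the owner
        esac
    done
}

# suggest_remediation DIR -> prints commands for a human to review; never runs them
suggest_remediation() {
    loose_perm_paths "$1" | while read -r mode f; do
        printf 'chmod 600 %s   # currently %s\n' "$f" "$mode"
    done
}

# make_demo_tree -> builds a constructed sample tree and prints its root
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/.openclaw" "$d/backups"
    printf 'API_TOKEN=example-not-real\n' > "$d/.openclaw/.env"
    printf '{"token":"example"}\n'       > "$d/.openclaw/token-cache.json"
    printf 'binary\n'                    > "$d/backups/config.bak"
    printf 'notes\n'                     > "$d/README"
    chmod 600 "$d/.openclaw/.env"               # correctly locked down
    chmod 644 "$d/.openclaw/token-cache.json"   # world-readable: should be flagged
    chmod 644 "$d/backups/config.bak"           # world-readable: should be flagged
    printf '%s\n' "$d"
}

if [ "${1:-}" = "--demo" ]; then
    demo=$(make_demo_tree)
    echo "Candidate secret paths (paths and metadata only):"
    list_secret_paths "$demo"
    echo "Suggested remediation (review before running):"
    suggest_remediation "$demo"
    rm -rf "$demo"
fi
```

Run it with `--demo` to see the report shape; point `list_secret_paths` at `~/.openclaw` for a real sweep. The `README` in the sample tree is deliberately not matched, and the `.env` with mode 600 is listed but not flagged, which is the distinction between "this path exists" and "this path needs remediation" that a reviewer wants before approving any `chmod`.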
