OpenClaw Security Auditor
Result: Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: openclaw-security-auditor
Version: 1.0.0

The OpenClaw Security Auditor skill audits local OpenClaw configurations for security risks. Its documentation and the `SKILL.md` pseudo-flow state that the skill operates locally, strips all secrets before analysis, and makes no external network calls. It uses standard binaries (`cat`, `jq`) for their intended purpose: reading and parsing local configuration files. None of the provided files show data exfiltration, malicious execution, persistence, obfuscation, or prompt injection against the agent; the documentation consistently emphasizes privacy and security.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may inspect files containing credentials or account configuration, even if the intended report only includes redacted metadata.
The skill is explicitly designed to read an OpenClaw configuration file that may contain API keys, gateway tokens, and integration credentials. This is purpose-aligned for a security audit, and the skill says it strips secrets, but users should recognize that sensitive configuration is being accessed.
Evidence (quoted from the skill's documentation): Read config with standard tools (`cat`, `jq`). ... default: ~/.openclaw/openclaw.json ... API keys hardcoded in config ... Weak or missing gateway authentication tokens
Recommendation: Run it only against the intended OpenClaw config, verify the report does not include secret values, and prefer a local model if the config contains sensitive operational details.
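As an added example (not the skill's own code, which this review did not execute), the following Python script shows the pattern the documentation describes and the check the recommendation asks for: load the config, replace every secret-looking value with metadata before any analysis, run the checks named in the evidence (hardcoded API keys, weak or missing gateway token, plus public binding and unrestricted tools) against the redacted copy only, and refuse to emit a report that still contains a raw secret. The sample config and its key layout (gateway.token, gateway.bind, providers.<name>.api_key, tools.allow) are constructed assumptions, not OpenClaw's real schema; the 32-character threshold for a weak token is likewise assumed.

```python
import json
import re

# Constructed sample config. The key layout (gateway.token, gateway.bind,
# providers.<name>.api_key, tools.allow) is assumed for illustration only.
SAMPLE_CONFIG = {
    "gateway": {"bind": "0.0.0.0", "port": 8080, "token": "abc"},
    "providers": {
        "openai": {"api_key": "sk-live-EXAMPLE0000000000000000"},
        "local": {"base_url": "http://127.0.0.1:11434", "api_key": ""},
    },
    "tools": {"allow": ["*"]},
}

# Key names that mark a string value as a secret; matched case-insensitively.
SECRET_KEY_RE = re.compile(r"api[_-]?key|token|secret|password|credential", re.I)
MIN_TOKEN_LEN = 32  # assumed threshold below which a gateway token is called weak


def redact(obj):
    """Return a copy of obj in which every secret-looking string is replaced by
    metadata (present/length). The raw value never enters the returned tree."""
    if isinstance(obj, dict):
        out = {}
        for key, val in obj.items():
            if isinstance(val, str) and SECRET_KEY_RE.search(key):
                out[key] = {"redacted": True, "present": bool(val), "length": len(val)}
            else:
                out[key] = redact(val)
        return out
    if isinstance(obj, list):
        return [redact(item) for item in obj]
    return obj


def audit(redacted):
    """Produce findings from the redacted tree only, so analysis never sees secrets."""
    findings = []
    gw = redacted.get("gateway", {})
    token = gw.get("token")
    if not token or not token.get("present"):
        findings.append("gateway: missing authentication token")
    elif token["length"] < MIN_TOKEN_LEN:
        findings.append(f"gateway: weak authentication token ({token['length']} chars)")
    if gw.get("bind") in ("0.0.0.0", "::", ""):
        findings.append(f"gateway: bound to all interfaces ({gw['bind']})")
    for name, prov in redacted.get("providers", {}).items():
        key = prov.get("api_key")
        if isinstance(key, dict) and key.get("present"):
            findings.append(f"provider {name}: API key hardcoded in config")
    if "*" in redacted.get("tools", {}).get("allow", []):
        findings.append("tools: unrestricted tool allow-list")
    return findings


def secret_values(obj):
    """Collect the raw secret strings from the ORIGINAL config. Used only to
    prove that the finished report does not contain any of them."""
    found = []
    if isinstance(obj, dict):
        for key, val in obj.items():
            if isinstance(val, str) and SECRET_KEY_RE.search(key):
                found.append(val)
            else:
                found.extend(secret_values(val))
    elif isinstance(obj, list):
        for item in obj:
            found.extend(secret_values(item))
    return found


def report_json(config):
    """Redact, audit, serialize, and refuse to return a report that leaks a secret."""
    redacted = redact(config)
    text = json.dumps({"config": redacted, "findings": audit(redacted)}, indent=2)
    leaked = [s for s in secret_values(config) if s and s in text]
    if leaked:
        raise RuntimeError(f"secret value leaked into report: {len(leaked)} value(s)")
    return text


if __name__ == "__main__":
    print(report_json(SAMPLE_CONFIG))
```

The leak check is a plain substring match over the serialized report, so a very short secret that happens to occur inside an ordinary key or finding string will also fail the report; that errs in the safer direction. Note that the audit itself only ever sees presence and length, which is enough for the "weak or missing token" and "hardcoded key" checks the skill advertises.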
Even without raw secrets, the generated findings can reveal security posture such as missing auth, public gateway binding, or unrestricted tools to the configured LLM provider.
The skill says audit findings are passed to the user's LLM and names cloud-capable providers, but it also states local-only, no-network behavior. That leaves it unclear whether security metadata is sent to an external provider.
Evidence (quoted from the skill's documentation): Pass findings to the user's LLM via OpenClaw's normal agent flow. ... Uses the user's existing OpenClaw LLM configuration (Opus, GPT, Gemini, and local models). ... Use local-only execution; no network calls.
Recommendation: The skill should clearly state that findings may be sent to the configured LLM provider unless a local model is used, and should offer a local-only or user-confirmed mode for sensitive audits.
Users may install or run the audit under the mistaken belief that no configuration-derived information can be shared with a model provider.
The privacy answer could mislead users: if their configured LLM is Opus, GPT, Gemini, or another hosted model, audit metadata may leave the machine even though the documentation says no data is sent anywhere.
Evidence (quoted from the skill's documentation): Does this send my data anywhere? No. The skill runs entirely on your local OpenClaw instance and uses your existing LLM configuration. ... Whatever your OpenClaw instance already uses (Opus, GPT, Gemini, local models, and others).
Recommendation: Revise the privacy language to distinguish 'no additional API keys or services' from 'no external transmission,' and disclose the exact data sent to the configured LLM.
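The local-only or user-confirmed mode recommended for the two preceding findings can be expressed as a small gate: before findings are handed to the configured LLM, decide whether the provider endpoint is local and otherwise withhold them until the user confirms. The Python below is an added example, not part of the skill; the config layout (llm.provider naming an entry under providers, each with an optional base_url) and both sample configs are assumptions for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample configs. The layout (llm.provider naming an entry in
# providers, each with an optional base_url) is an assumption for illustration.
LOCAL_CONFIG = {
    "llm": {"provider": "ollama"},
    "providers": {"ollama": {"base_url": "http://127.0.0.1:11434"}},
}
HOSTED_CONFIG = {
    "llm": {"provider": "gpt"},
    "providers": {"gpt": {"base_url": "https://api.example.com/v1"}},
}

LOCAL_HOSTNAMES = {"localhost", "localhost.localdomain"}


class FindingsWouldLeaveMachine(Exception):
    """Raised when findings would go to a non-local provider without consent."""


def endpoint_is_local(base_url):
    """True only when the URL's host is a name or address literal that stays on
    the machine or LAN. A missing URL (a hosted API addressed by name only) or a
    DNS name we cannot vouch for counts as remote, so the check fails closed."""
    if not base_url:
        return False
    host = urlsplit(base_url).hostname
    if not host:
        return False
    if host.lower() in LOCAL_HOSTNAMES:
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_link_local or addr.is_private


def route_findings(findings, config, user_confirmed=False):
    """Gate the hand-off of findings to the configured LLM. Local endpoints pass;
    anything else requires an explicit user confirmation."""
    name = config.get("llm", {}).get("provider", "")
    provider = config.get("providers", {}).get(name, {})
    local = endpoint_is_local(provider.get("base_url"))
    if not local and not user_confirmed:
        raise FindingsWouldLeaveMachine(
            f"provider {name!r} is not a local endpoint; "
            f"{len(findings)} finding(s) withheld until the user confirms"
        )
    return {"provider": name, "local": local,
            "confirmed": user_confirmed, "sent": len(findings)}


def would_be_withheld(findings, config):
    """True if route_findings would refuse to send without confirmation."""
    try:
        route_findings(findings, config)
    except FindingsWouldLeaveMachine:
        return True
    return False


if __name__ == "__main__":
    sample = ["gateway: bound to all interfaces", "tools: unrestricted tool allow-list"]
    print(route_findings(sample, LOCAL_CONFIG))
    try:
        route_findings(sample, HOSTED_CONFIG)
    except FindingsWouldLeaveMachine as exc:
        print("blocked:", exc)
    print(route_findings(sample, HOSTED_CONFIG, user_confirmed=True))
```

Providers referenced only by name (Opus, GPT, Gemini) carry no base_url and are therefore treated as hosted, and a hostname that is neither localhost nor an address literal is treated as remote as well; both choices make the gate err toward withholding, which is the right default for a report that describes missing auth or a publicly bound gateway.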
