Skillv1.0.0

ClawScan security

Security Audit for OpenClaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 16, 2026, 6:54 AM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill mostly implements an observer-style OpenClaw audit, but internal inconsistencies (blocking semantics, log/config paths) and a few implementation rough edges could cause unexpected behavior or surprise actions (live gateway probes, --fix changes) and should be clarified before installing.
Guidance: This skill is plausibly the audit tool it claims to be, but review and clarify a few things before installing or enabling it: - Confirm blocking semantics: SKILL.md says 'does not block' but the audit guide describes a 'blocked_soft' behavior — decide which behavior you want and ensure the agent follows only that. Unexpected blocking or prompting can break workflows. - Verify log/config paths: docs use both `logs/` and `memory/` paths; the scripts write to workspace/logs/security-audit.log. Make sure this path is acceptable and that the relative path resolution (SCRIPT_DIR/../../..) will not cause writes outside your intended workspace in your deployment layout. - Treat --deep and --fix carefully: `--deep` may perform live probes of your gateway (network activity). `--fix` will attempt to change permissions/config — run only in an environment where automated changes are safe and after code review. - Notifications: the scripts do not themselves send messages; SKILL.md expects the agent to call the platform `message` tool based on config. Confirm the OpenClaw config tokens/credentials used for messaging are stored and accessed securely. - Test in a sandbox first: run the scripts manually in a controlled environment to confirm where logs are created and what `openclaw security audit` does in your setup. If these inconsistencies are fixed (unify the docs and scripts, remove contradictory blocking guidance, and clearly document where logs live and when the skill modifies config), the skill looks coherent and appropriate for its stated purpose.

Review Dimensions

Purpose & Capability: noteOverall the requested files and scripts align with a security-audit purpose: config audit delegates to the native `openclaw` CLI, logging and reporting operate on local log files, and notification is delegated to the platform's message tool. Asking for no external credentials and no unusual binaries is proportional. Note: the script `audit_config.sh` will call `openclaw security audit` (expected) and `--deep` can probe the live gateway (network activity).
Instruction Scope: concernSKILL.md repeatedly states the skill is observer-only and 'Does not block', but references/audit-guide.md contains a 'Per-Action Soft Check' that tells the agent to 'Decline or request explicit confirmation' and to log `blocked_soft` for CRITICAL actions. That's a direct contradiction in runtime behavior and could make agents either block or not block depending on which instruction is followed. There are also inconsistent paths across documents: some docs reference memory/security-audit.log or memory/security-audit-config.json, while the scripts use logs/security-audit.log. The skill also documents `--fix` which will attempt to apply fixes (chmod/config changes) — that is an active change and not pure observation, so it must be treated as higher-privilege.
Install Mechanism: okInstruction-only install with included scripts; there is no network download/install step or external package install. This is low risk from an install-mechanism perspective.
Credentials: noteThe skill requests no env variables or credentials, which is appropriate. It does rely on platform tooling (the `message` tool) and the OpenClaw CLI when present. Config references indicate it will read OpenClaw config fields (tokens, gateway settings) during a config audit — that's expected for this purpose, but you should confirm that the agent has permission to read those config files and that secrets in configs are handled properly. Notification channels mentioned will depend on whatever the OpenClaw config exposes (tokens can be present there).
Persistence & Privilege: okThe skill is not always-enabled and does not request elevated platform privileges. It creates and writes to a local log file under the workspace (logs/security-audit.log) and suggests optionally scheduling periodic audits via cron — both are reasonable for an audit skill. Be aware `--fix` mode modifies config/permissions if used.