Auto Skill Scanner
Pass
Audited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill
Name: auto-skill-scanner
Version: 1.0.4
The skill functions as an automated security scanner but employs high-risk behaviors including programmatic persistence and sensitive data discovery. It reads 'sessions.json' to extract active communication channels and uses 'subprocess.run' to register itself as a recurring 24-hour cron job via the 'openclaw' CLI. While these actions align with the stated goal of automated reporting, the broad access to session configurations and the self-scheduling persistence mechanism are high-privilege operations typical of monitoring tools that could be repurposed for unauthorized data collection. Files involved: scripts/scan_and_report.py and scripts/skill_audit.py.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
After first activation, the scanner can keep running automatically and sending reports until the cron jobs are removed.
The script creates recurring OpenClaw cron jobs that continue running daily after activation. This persistence is disclosed in SKILL.md and is purpose-aligned with daily monitoring.
'openclaw', 'cron', 'add', '--every', '24h', '--session', 'isolated', '--message', f'Run Auto Skill Scanner. Execute: python3 {script_path}'
Install only if you want ongoing daily monitoring, and review or remove the created OpenClaw cron jobs when you no longer need the scanner.
Security summaries, including installed skill names and issue categories, may be sent to every discovered active channel.
The skill discovers active delivery channels from OpenClaw session configuration and later uses them as report destinations.
sessions_file = Path.home() / '.openclaw' / 'agents' / 'main' / 'sessions' / 'sessions.json'
...
entry = {'channel': channel, 'to': to}
Make sure your active Telegram/Feishu/OpenClaw channels are appropriate for receiving security reports, especially if any are shared or public.
The skill may fail or behave differently if Python or the OpenClaw CLI is unavailable, even though the registry requirements do not list them.
The script depends on the local openclaw CLI, while the registry metadata declares no required binaries or install spec. This is a visibility/packaging note, not evidence of malicious behavior.
result = subprocess.run(['openclaw', 'cron', 'list'], capture_output=True, text=True, timeout=10)
Verify Python 3 and the OpenClaw CLI are present before relying on the scanner.
