Agent Runtime Security
Warn
Audited by ClawScan on May 11, 2026.
Overview
The skill is mostly coherent security-hardening guidance, but one included script embeds strings it explicitly calls real keys, which is unsafe for a published security package.
Treat this as a review-required skill. Its security advice is largely coherent, but the included script appears to contain real credential strings. Before installing or copying its files, ask the maintainer to remove and rotate those secrets, then review any SOUL.md/system-prompt changes, cron entries, and Git history-rewrite commands before applying them.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If those strings are active credentials or tokens, the package may expose account access or indicate poor credential hygiene by the maintainer.
The script is explicitly scanning for '真实密钥' / real keys, but the real key patterns themselves are embedded in the distributed artifact. That is credential-handling evidence inconsistent with a security-hardening skill.
real_keys=$(grep -r "cli_a9f1c3a7c\|diLMNYl2nzbL1nEtQNhjMeQp6rtQdzA7\|DHqybLBGCaINAWscdLkcGDGwn9g\|tbldoED8qoLnkpZC" "$skill_dir"
Do not rely on this package until the maintainer removes the literal secret values, replaces them with generic secret-detection patterns, and confirms the exposed credentials were rotated or revoked.
The agent may continue applying these command-execution rules in later sessions after the immediate setup task is complete.
The skill asks users to add persistent agent behavior rules. The content is security-oriented and purpose-aligned, but persistent prompt changes can affect future agent behavior.
Add this section to your SOUL.md or system prompt:
Review the SOUL.md/system-prompt text before adding it, and keep only the rules that match your intended agent behavior.
The security check can keep running automatically each week and modify permissions on OpenClaw workspace files.
The skill recommends a weekly cron job. This is disclosed and bounded to a local security-check script, but it is still persistent scheduled activity.
0 9 * * 1 ~/.openclaw/workspace/scripts/security-check.sh >> ~/.openclaw/workspace/logs/security-check.log 2>&1
Only add the cron entry after inspecting the script, and remove it from crontab if you no longer want scheduled checks.
Running these commands can rewrite repository history and affect collaborators or remote branches.
The README includes forceful Git history-rewrite and force-push commands as an emergency secret-cleanup procedure. This is purpose-aligned, but it is high-impact if used on a shared repository.
git filter-branch --force ... git push origin --force --all
Use the Git cleanup commands only when you understand the impact, have backups, and have coordinated with repository collaborators.
