Firm Ecosystem Audit Pack
v1.0.0
Ecosystem differentiation audit pack. MCP firewall, RAG pipeline, sandbox exec, context health, provenance tracking, cost analytics, and token budget optimiz...
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (ecosystem audits: MCP firewall, RAG, sandbox, provenance, cost, token budget) matches the SKILL.md content. The SKILL.md declares a dependency on mcp-openclaw-extensions >= 3.0.0 which plausibly provides the listed openclaw_* audit tools.
Instruction Scope
SKILL.md is an instruction-only wrapper that expects seven platform tools (openclaw_*). It does not itself ask the agent to exfiltrate secrets, but usage examples show passing config_path and session_data — the skill assumes those tools will read files/inputs. The instructions are terse and leave execution detail to the external extension, so a human should verify exactly what each tool reads or runs (especially sandbox_exec and firewall checks).
Install Mechanism
No install spec or code files are included (lowest installer risk). The only declared requirement is mcp-openclaw-extensions >= 3.0.0 in SKILL.md metadata; the skill is effectively a manifest that delegates actual behavior to that extension.
Credentials
The skill requests no environment variables, credentials, or config paths itself. Example usage references a config_path provided by the user — reasonable for an audit tool, but the real access/control depends on the external extension's behavior.
Persistence & Privilege
always is false, agent invocation is permitted (platform default). The skill does not request persistent presence or modify other skills; no elevated persistence privileges are declared.
Scan Findings in Context
[regex-scanner-no-findings] expected: The static scanner found nothing because this is instruction-only (no code files). This is expected; absence of findings does not prove safety — the actual behavior depends on the referenced mcp-openclaw-extensions.
Assessment
This skill is a manifest that calls seven platform audit tools provided by an external extension (mcp-openclaw-extensions >= 3.0.0). Before installing or running it: (1) Verify you have and trust the mcp-openclaw-extensions package (review its code or vendor/source). (2) Confirm what each openclaw_* tool does and what files/paths it will read or execute — the SKILL.md is terse and delegates behavior. (3) Be cautious when supplying config_path or session_data (they may contain secrets); only point to files you expect an audit to read. (4) If sandbox_exec or firewall-check tools can execute code or change policies, restrict their permissions or run in an isolated environment and perform a human review of results. If you cannot review the external extension or cannot trust its source, do not enable this skill.
Like a lobster shell, security has layers — review code before you run it.
latest
firm-ecosystem-audit-pack
⚠️ AI-generated content: human validation required before use.
Purpose
Audits ecosystem differentiation features: MCP tool call firewall policies, RAG pipeline integrity, sandbox execution security, context window health, SHA-256 provenance tracking, cost analytics, and token budget optimization.
Tools (7)
| Tool | Description | Severity |
|---|---|---|
| openclaw_mcp_firewall_check | MCP tool call firewall policy validation | HIGH |
| openclaw_rag_pipeline_check | RAG pipeline integrity audit | HIGH |
| openclaw_sandbox_exec_check | Sandbox execution security | HIGH |
| openclaw_context_health_check | Context window health monitoring | MEDIUM |
| openclaw_provenance_tracker | SHA-256 append-only provenance chain | MEDIUM |
| openclaw_cost_analytics | Session cost analytics | MEDIUM |
| openclaw_token_budget_optimizer | Token budget optimization | MEDIUM |
Usage
skills:
- firm-ecosystem-audit-pack
# Run ecosystem audit:
openclaw_mcp_firewall_check config_path=/path/to/config.json
openclaw_rag_pipeline_check config_path=/path/to/config.json
openclaw_cost_analytics session_data='{"model":"claude-4","tokens_in":1000}'
Requirements
mcp-openclaw-extensions >= 3.0.0
