ClawHub

Firm Platform Audit Pack

v1.0.0

Platform alignment audit pack for OpenClaw 2026.2. Secrets v2, agent routing, voice security, trust model, autoupdate, plugin SDK, content boundaries, and sq...

0· 271·1 current·1 all-time
by@romainsantoli-web
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description align with an audit pack for OpenClaw 2026.2. The SKILL.md lists audit tools (secrets, routing, voice, trust, autoupdate, plugin SDK, content boundaries, sqlite-vec) and declares mcp-openclaw-extensions >= 3.0.0 as a requirement; these tools are plausibly provided by that extension. There are no unrelated credentials or binaries requested.
Instruction Scope
Instructions are minimal and simply show invoking audit commands with a config_path argument. That is coherent for an audit pack, but running these checks will require access to platform config files (which may contain secrets or sensitive settings). The SKILL warns that content was AI-generated and needs human validation — follow that guidance.
Install Mechanism
There is no install spec and no code files (instruction-only). This minimizes on-disk installation risk. The declared dependency on mcp-openclaw-extensions is reasonable for this purpose but you should obtain that extension from a trusted source.
Credentials
The skill does not request environment variables or credentials (none declared). However, it operates by taking a config_path — the config you point it at could contain secrets. That is expected for an audit tool, but you should be deliberate about which config files you provide.
Persistence & Privilege
Defaults are normal (always: false, agent invocation allowed). The skill does not request elevated/persistent platform presence or modify other skills. No persistence concerns are evident from the SKILL.md.
Assessment
This instruction-only audit pack appears coherent with its stated purpose, but the source/homepage is missing. Before using: (1) confirm mcp-openclaw-extensions >=3.0.0 comes from a trusted repository and matches the expected vendor, (2) run the checks on a copy or non-production config if those files contain secrets, (3) review the actual implementation of the extension/tools if possible (the SKILL contains no code itself), and (4) treat AI-generated content as guidance only — validate results and outputs before making platform changes.

Like a lobster shell, security has layers — review code before you run it.

latestvk977y4vptvf70gdmzpw4edkg8s822rkj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments