v1.0.0

Firm Runtime Audit Pack

Benign
ClawScan verdict for this skill. Analyzed May 1, 2026, 6:15 AM.

Analysis

This looks like a benign, instruction-only runtime audit skill, with the main cautions being its external OpenClaw extension dependency and possible access to sensitive configuration files.

Guidance: Before installing, verify the mcp-openclaw-extensions dependency and only run the audit tools against configuration files you intend to review. The artifacts do not show suspicious behavior, but runtime audit checks can touch sensitive deployment settings.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Note
SKILL.md
requires:
  - mcp-openclaw-extensions >= 3.0.0

The skill depends on an external MCP extension that is not bundled or installed by the provided artifacts; this is purpose-aligned, but users should verify the dependency source and version.

User impact: If the wrong or untrusted extension is installed, the named audit tools could behave differently than expected.
Recommendation: Install only a trusted, reviewed version of mcp-openclaw-extensions and consider pinning or verifying the exact version before use.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low; Confidence: High; Status: Note
SKILL.md
`openclaw_secrets_workflow_check` | Audit secrets handling in workflows | CRITICAL

The skill explicitly includes a secrets-handling audit, which is appropriate for its purpose but may require reading sensitive runtime or workflow configuration.

User impact: Running the audit against broad or sensitive config files could expose deployment details or secret-management metadata to the agent/tooling.
Recommendation: Run the tools only against intended configuration files and avoid providing unnecessary secret-bearing files unless you trust the underlying extension.