Firm Security Audit
v1.0.0Audit de sécurité proactif des déploiements OpenClaw. Détecte et remédie aux 4 gaps critiques/hauts identifiés dans openclaw/openclaw : SQL injection (C1), s...
⭐ 0· 300·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill is clearly an OpenClaw-focused security audit and the embedded metadata references mcp-openclaw-extensions >= 2.0.0 which is coherent. However the instructions assume the presence of runtime tools (openclaw_security_scan, openclaw_sandbox_audit, firm_export_slack_digest, etc.) and an 'openclaw' CLI for CI usage while the registry metadata and requirements list no declared binaries or credentials. The lack of declared runtime dependencies (CLI/tools) is unexpected for a tool-driven audit.
Instruction Scope
The SKILL.md directs the agent/operator to read and modify local files and paths (config.yaml, docker-compose.yml, .env, /etc/openclaw/session.secret) and to run scans against code paths and endpoints. It also includes automated remediation snippets and an automatic Slack dispatch step. Those actions involve reading potentially sensitive files and making persistent changes; the skill does not document authorization, safety checks, or a read-only audit mode.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, which minimizes installer risk. There are no downloads or archive extracts. However, runtime behavior depends on external tools that are not declared in the registry metadata.
Credentials
The instructions require reading env files and performing actions that will access secrets (SESSION_SECRET in .env) and send results to Slack, but the skill declares no required environment variables, webhooks, or tokens. Requiring access to .env files and an outbound notification channel without declaring or requesting corresponding credentials is disproportionate and could lead to unexpected secret access or accidental exfiltration.
Persistence & Privilege
always is false and the skill does not claim to persist itself or change other skills' configs. It does propose making persistent system/config changes (writing session.secret, editing config.yaml) but that is presented as remediation steps for operators to apply — the skill itself does not request elevated platform privileges in metadata.
What to consider before installing
Before installing or running this skill: 1) Verify provenance — the source is unknown and there is no homepage or maintainer contact; prefer skills from vetted authors. 2) Confirm that the runtime tools the SKILL.md names (openclaw_security_scan, openclaw_sandbox_audit, firm_export_slack_digest, and the openclaw CLI) actually exist in your environment or are listed as required dependencies; ask the author for an explicit dependency list. 3) Treat the remediation snippets as suggestions only: review and test them in staging — they modify configs and may require root privileges (writing /etc/openclaw/session.secret). 4) Provide Slack/webhook credentials deliberately and separately if you want alerting; the skill does not declare or request them, so automatic dispatch could fail or — worse — be misconfigured. 5) If you plan to run scans that read .env or compose files, ensure the operator/agent has authorization to access those secrets and consider running in read-only mode first. 6) Given the unknown source, consult a human security reviewer before using this skill against production systems. Providing the skill's author, repository, or a verified package of the referenced tools would raise confidence.Like a lobster shell, security has layers — review code before you run it.
latestvk973vrbe3pfs1zddj20cqvk91h82268a
License
MIT-0
Free to use, modify, and redistribute. No attribution required.