Firm Security Audit

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: firm-security-audit
Version: 1.0.0

The skill bundle is designed for proactive security auditing, addressing known vulnerabilities in OpenClaw deployments. It orchestrates calls to various audit tools (`openclaw_security_scan`, `openclaw_sandbox_audit`, etc.) and includes a step to send critical findings to a Slack channel via `firm_export_slack_digest`. All file access (e.g., config files, Docker Compose) and network communication (Slack alerts) are directly aligned with the stated purpose of a security audit and alerting. There is no evidence of prompt injection attempting to subvert the agent's behavior, exfiltrate arbitrary data, or execute malicious commands beyond the scope of the audit. The skill aims to identify and remediate vulnerabilities, not introduce or exploit them.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Sensitive vulnerability details or configuration-derived information could be posted to a Slack channel automatically.

Why it was flagged

The skill checks local environment/config files and then instructs the agent to automatically send the audit results to Slack, with no redaction, recipient validation, or confirmation step described.

Skill content

"env_file_path": "/path/to/.env" ... "tool": "firm_export_slack_digest" ... "content": "<résultats de l'audit>", "channel": "#security-alerts"

Recommendation

Require explicit user approval before sending any report, redact secrets and file contents, limit the Slack channel and bot scope, and send only the minimum necessary summary by default.

What this means

An agent following the skill too literally could change gateway exposure, configuration files, or running containers in a way that disrupts service.

Why it was flagged

The remediation guidance encourages immediate network/deployment changes based on audit outputs, but does not define an explicit approval, backup, dry-run, or rollback process.

Skill content

If CRITICAL (funnel active without rate limiter): apply `fix_nginx` or `fix_caddy` **immediately** ... Disable Funnel and apply Nginx/Caddy immediately ... Apply fix + restart the container

Recommendation

Make remediation a separate, user-confirmed step; require a diff, backup, target path confirmation, and rollback instructions before changing deployment files or service state.

What this means

The agent may post messages using a Slack bot or user identity, potentially to a team-visible channel.

Why it was flagged

Posting security alerts to Slack is purpose-aligned, but it implies delegated Slack workspace authority that users should verify before enabling.

Skill content

firm_export_slack_digest       — team notification if CRITICAL found

Recommendation

Use a dedicated low-privilege Slack app, restrict it to the intended channel, and document the credential/source of that authority.

What this means

The safety of the skill depends on tools that are not included in the reviewed artifact.

Why it was flagged

The skill depends on an external MCP extension and tool implementations, but the supplied package has no install spec or code to review.

Skill content

requires:
      - mcp-openclaw-extensions >= 2.0.0

Recommendation

Install the extension only from a trusted source, pin an exact reviewed version, and review the MCP tool behavior before granting it deployment or Slack access.