OpenClaw Policy Check

v1.0.0

Scan repositories for risky security patterns before execution. Use when users ask for a quick preflight security check, policy enforcement scan, suspicious code triage, or detection of unsafe commands, secret leakage, and dangerous shell behavior.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (preflight policy scan) match the actual files and behavior: a Python script that walks a repo and applies regex-based rules. No unrelated credentials, tools, or capabilities are requested.
Instruction Scope
SKILL.md instructs the agent to run the included scanner against a target path. The script only reads files under the target (skips large files and common ignore dirs) and reports matches; it does not read unrelated system state or other config paths.
Install Mechanism
Instruction-only skill with a bundled script and no install spec. Nothing is downloaded or written to disk beyond normal execution of the included script.
Credentials
No environment variables, credentials, or config paths are requested. The script operates on user-supplied target_path only.
Persistence & Privilege
No forced persistence (always=false). agents/openai.yaml allows implicit invocation (normal for skills), but the skill does not modify other skills or system settings.
Assessment
This skill is coherent: it runs a local regex-based scan and prints findings. Before installing or running it, consider the following:

  1. It reads repository files, including any secrets present, and prints matching snippets to stdout. Run it on sensitive repos in a secure or isolated environment if logs or agent transcripts are a concern.
  2. The scanner is rule-based and may produce false positives and false negatives; review the rules if you need tuned behavior.
  3. Because it prints detected snippets, do not forward its raw output to untrusted destinations.
  4. If you want to be extra cautious, inspect scripts/policy_check.py yourself; it is short and has no network or write side effects.


Version: latest (vk979ckm9errxywgbnceszzcz01813f13)


SKILL.md

OpenClaw Policy Check

Run a lightweight policy scan to catch common high-risk patterns in code and scripts.

Inputs

  • target_path (required): file or directory to scan.
  • fail_on (optional): severity threshold for non-zero exit. One of critical, high, medium, low.
  • json_output (optional): print raw JSON output.

Workflow

  1. Run scripts/policy_check.py on the target path.
  2. Review severity counts and top findings.
  3. If findings exist, prioritize critical and high items first.
  4. Suggest concrete fixes for each flagged pattern.

Commands

python3 scripts/policy_check.py "<target_path>"
python3 scripts/policy_check.py "<target_path>" --json
python3 scripts/policy_check.py "<target_path>" --fail-on high

Response Contract

  • Always include total findings and severity breakdown.
  • Include top findings with file:line, rule id, and reason.
  • If no findings exist, explicitly state that no policy violations were detected.
  • Keep remediation guidance concrete and brief.
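The workflow, command flags and response contract above describe the behaviour the bundled scripts/policy_check.py implements. What follows is an added illustration written for this page, not the skill's own script: a minimal regex-based scanner with the same shape (walk target_path, prune common ignore directories, skip large and binary files, report file:line, rule id, severity and reason, print severity counts, support --json and --fail-on). It also redacts matched secret values before printing, which addresses the snippet-leakage caveat raised in the Assessment section. The rule ids, regexes, severities, ignore list and 1 MB size cap are all assumptions; the real script's rules may differ.

```python
"""Illustrative preflight policy scanner (NOT the skill's scripts/policy_check.py).

Rule ids, severities, regexes, IGNORE_DIRS and MAX_BYTES are assumptions chosen
to mirror the behaviour the skill page describes.
"""
import argparse
import json
import os
import re
from collections import Counter

SEVERITIES = ["critical", "high", "medium", "low"]  # index 0 is the worst
IGNORE_DIRS = {".git", "node_modules", "venv", ".venv", "__pycache__", "dist"}
MAX_BYTES = 1_000_000  # assumed size cap; larger files are skipped

# (rule id, severity, regex, reason, redact matched value?) -- all assumed rules
RULES = [
    ("SHELL_PIPE_REMOTE", "critical",
     re.compile(r"\b(curl|wget)\b[^\n|]*\|\s*(sudo\s+)?(ba|z)?sh\b"),
     "remote script piped straight into a shell", False),
    ("AWS_ACCESS_KEY", "critical", re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b"),
     "hard-coded AWS access key id", True),
    ("PRIVATE_KEY_BLOCK", "critical",
     re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
     "private key material committed to the repository", False),
    ("RM_RF_ROOT", "high", re.compile(r"\brm\s+-(rf|fr)\s+/(\s|\*|$)"),
     "recursive delete rooted at /", False),
    ("DYNAMIC_EVAL", "high", re.compile(r"\b(eval|exec)\s*\("),
     "dynamic code evaluation", False),
    ("SHELL_TRUE_SUBPROCESS", "medium",
     re.compile(r"subprocess\.\w+\([^)]*shell\s*=\s*True"),
     "subprocess invoked with shell=True", False),
    ("WORLD_WRITABLE", "medium", re.compile(r"\bchmod\s+(-R\s+)?777\b"),
     "world-writable permission bits", False),
    ("TLS_VERIFY_OFF", "low",
     re.compile(r"verify\s*=\s*False|--no-check-certificate"),
     "TLS certificate verification disabled", False),
]


def redact(value):
    """Keep a 4-char prefix so the finding stays recognisable, mask the rest."""
    return value[:4] + "*" * max(0, len(value) - 4)


def scan_lines(path, lines):
    """Apply every rule to every line; one finding per (line, rule) match."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        for rule_id, severity, pattern, reason, sensitive in RULES:
            m = pattern.search(line)
            if not m:
                continue
            snippet = line.strip()
            if sensitive:  # never echo the secret itself into stdout/transcripts
                snippet = snippet.replace(m.group(0), redact(m.group(0)))
            findings.append({"file": path, "line": lineno, "rule": rule_id,
                             "severity": severity, "reason": reason,
                             "snippet": snippet[:160]})
    return findings


def scan_path(target):
    """Walk a file or directory; prune ignore dirs, skip large/binary files."""
    if os.path.isfile(target):
        files = [target]
    else:
        files = []
        for root, dirs, names in os.walk(target):
            dirs[:] = [d for d in dirs if d not in IGNORE_DIRS]  # prune in place
            files.extend(os.path.join(root, n) for n in names)
    findings = []
    for path in files:
        try:
            if os.path.getsize(path) > MAX_BYTES:
                continue
            with open(path, "rb") as fh:
                raw = fh.read()
        except OSError:
            continue
        if b"\0" in raw:  # crude binary check
            continue
        findings.extend(scan_lines(path, raw.decode("utf-8", "replace").splitlines()))
    return findings


def summarize(findings):
    counts = Counter(f["severity"] for f in findings)
    return {"total": len(findings),
            "by_severity": {s: counts.get(s, 0) for s in SEVERITIES}}


def exit_code(findings, fail_on):
    """1 when any finding is at or above the fail_on threshold, else 0."""
    if fail_on is None:
        return 0
    limit = SEVERITIES.index(fail_on)
    return 1 if any(SEVERITIES.index(f["severity"]) <= limit for f in findings) else 0


def main(argv=None):
    ap = argparse.ArgumentParser(description="illustrative preflight policy scan")
    ap.add_argument("target_path")
    ap.add_argument("--json", dest="json_output", action="store_true")
    ap.add_argument("--fail-on", choices=SEVERITIES, default=None)
    args = ap.parse_args(argv)
    findings = sorted(scan_path(args.target_path),
                      key=lambda f: (SEVERITIES.index(f["severity"]), f["file"], f["line"]))
    summary = summarize(findings)
    if args.json_output:
        print(json.dumps({"summary": summary, "findings": findings}, indent=2))
    elif not findings:
        print("No policy violations detected.")
    else:
        print(f"{summary['total']} finding(s): "
              + ", ".join(f"{s}={n}" for s, n in summary["by_severity"].items()))
        for f in findings:
            print(f"{f['file']}:{f['line']} [{f['rule']}] {f['severity']}: "
                  f"{f['reason']} | {f['snippet']}")
    return exit_code(findings, args.fail_on)


if __name__ == "__main__":
    raise SystemExit(main())
```

Run it as `python3 scanner.py <target_path> --fail-on high` to get the same non-zero-exit behaviour the skill's command list describes. Note that because matching is per line, a multi-line `curl ... \ | sh` continuation is missed; that is the kind of false negative the Assessment warns about and a reason to read the rules before relying on the exit code in CI.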

Files

3 total
