Back to skill
Skillv0.1.3
ClawScan security
NxtSecure-openclaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 15, 2026, 2:22 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent with its stated purpose (nightly Linux host security audit and remediation) but performs privileged system changes and installs a persistent cron job — review configuration and defaults before enabling on production systems.
- Guidance
- This skill appears to do what it says, but it modifies system state and can remediate automatically. Before installing or enabling: 1) Inspect the bundled scripts yourself and test them on a non-production host. 2) Backup SSH config and ensure you have an alternate access method (console or recovery) in case of lockout. 3) Consider setting AUTO_REMEDIATE=0 in the config to run in report-only mode, then enable remediation after manual review. 4) Note the cron installer will add a persistent nightly job; run it only on hosts you want scheduled audits on. 5) The SKILL.md suggests installing an external npm package — if you follow that step, verify the upstream package (publisher, version) before running. 6) VirusTotal uploads are disabled by default; the script will prepare browser-based workflows and only uploads if you explicitly enable/approve it. 7) If you need higher assurance, run the audit scripts manually once and review their output/logs before installing the cron.
Review Dimensions
- Purpose & Capability
- okThe name/description (OpenClaw host security audit, nightly 23:00 run) match the delivered assets: a main audit script, a cron installer, and a VirusTotal helper. The checks implemented (firewall, fail2ban, SSH hardening, listening ports, Docker review, disk, failed logins, automatic updates, VirusTotal browser workflow) are expected for this purpose.
- Instruction Scope
- noteThe SKILL.md and bundled scripts instruct the agent to perform privileged changes: enable services, modify SSH configuration (disable password auth, add drop-in files), and potentially enable firewall rules. These actions are coherent for a remediation tool but are powerful. The skill attempts automatic remediation by default (AUTO_REMEDIATE=1) and will disable SSH password auth automatically if allowed — the README includes safety guidance (check new port, open firewall, test a second session) which mitigates lockout risk, but the automatic remediation default can still surprise an operator who expects only reporting.
- Install Mechanism
- noteThere is no install spec in the registry bundle (instruction-only plus local scripts). The SKILL.md suggests an npm package (npm install -g nxtsecure-openclaw) as a preferred CLI, but the repository includes functional local scripts as fallbacks. Installing the npm package would fetch external code not included here; the bundled scripts themselves do not download remote archives and are inspectable.
- Credentials
- noteNo secrets or unrelated credentials are requested. The scripts read system configuration files (ssh config, systemctl, firewall, Docker state) and accept a few optional env vars (OPENCLAW_AUDIT_CONFIG, OPENCLAW_AUDIT_LOG, VIRUSTOTAL_ALLOW_UPLOADS). These are proportional to a host audit but require elevated privileges to act, which is expected but sensitive.
- Persistence & Privilege
- noteThe installer script writes a crontab entry to schedule the audit nightly at 23:00; this is persistent and, if run as root, will execute privileged work each night. The skill is not force-enabled (always:false). Autonomous model invocation is allowed by default (normal), but persistent scheduled execution is a real operational effect the user should explicitly approve.