ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AI Shield — OpenClaw Security Audit

v1.0.0

Security audit engine for OpenClaw configurations. Detects vulnerabilities, misconfigurations, secret leaks, and over-privileged agents. Use when the user as...

0· 739·2 current·2 all-time
byLaurent | AI@laurentaia
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (security audit) match the code and instructions: the CLI and library analyze an OpenClaw JSON, produce a risk report, and can sanitize secrets. The only minor mismatch is the implicit reliance on a local 'openclaw' CLI when using --live (execSync('openclaw config.get')), which is reasonable for a live-audit feature but not declared in SKILL.md's requirements.
Instruction Scope
SKILL.md instructs the agent to read the user's OpenClaw config (file or stdin) and run the included audit/sanitize tools. The runtime instructions and code consistently operate on local files and stdin; they do not instruct the agent to read unrelated system paths or to exfiltrate data to external endpoints. Reading the user's config (which may contain secrets) is expected for an audit tool.
Install Mechanism
No install spec is provided (instruction-only install), and the packaged files are pure Node.js scripts. Nothing is downloaded or extracted at install time. This is a low-risk install model consistent with the skill's stated function.
Credentials
The skill declares no required environment variables or credentials and the code does not expect any hidden tokens. The sanitizer contains many regexes to detect common secret formats (AWS, GitHub, private keys, etc.), which is appropriate for a sanitizer/audit tool. There are no unrelated credential requests.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It can be invoked autonomously (disable-model-invocation:false) which is the platform default; this combined with the skill's limited scope is not excessive.
Assessment
This skill appears to do what it says: it analyzes and sanitizes local OpenClaw configuration files. Before installing, consider: (1) the tool will read files in your home directory (e.g., ~/.openclaw/openclaw.json) and any config you feed it — these often contain secrets, which the sanitizer attempts to redact but you should still review outputs before sharing; (2) the --live audit tries to run the local 'openclaw' CLI to fetch config — ensure that binary is trusted on your system; (3) the README mentions an optional paid remote audit service (ACP) — the included code does not perform remote uploads, but be cautious if the skill is extended or you opt into any remote/premium feature; (4) source and provenance are unknown in the registry metadata — if you require higher assurance, review the included JS files locally or run the audit in an isolated environment. Overall the package is coherent and appropriate for its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk977kpq8ywd3jcwapexk1yvvk981pgt7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛡️ Clawdis

Comments