Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AOI OpenClaw Security Toolkit (Core)

v0.1.6

Run local-only fail-closed security checks to detect and report data leaks, secrets, egress risks, and prompt injections before publishing or committing code.

Security Scan

  • VirusTotal: Suspicious
  • OpenClaw: Benign (high confidence)

Purpose & Capability
The name/description (local-only security scanner) match the code and bundled rule files. The only minor mismatch: the skill spawns the 'git' command to compute diffs, but the registry metadata lists no required binaries; git is reasonable for a repo preset but the metadata could explicitly declare it.
Instruction Scope
SKILL.md describes scanning repo/workspace paths, using included rules, and producing redaction-safe reports. The implementation reads local files, scans text and URLs, and may write an output report; it does not attempt to read unrelated system secrets, nor does it send data to external endpoints.
Install Mechanism
There is no install spec (instruction/CLI provided via bundled skill.js). package.json maps a local CLI binary but no external downloads or registry installs are required. No third-party packages are pulled in.
Credentials
The skill requests no environment variables or credentials. The code does not access secret environment variables or external service tokens; it only reads files in the working tree and may invoke git.
Persistence & Privilege
always is false and the skill does not modify other skills or system-wide settings. It may write an output file when --out is used, which is expected behavior for a CLI report generator.
Assessment
This appears to be a coherent local-only scanner. Before installing, ensure you: (1) are comfortable that the tool will read files in your repository/workspace (including any files under '.'), (2) have git on PATH if you plan to use diff presets, and (3) review the bundled rules/regex files if you want to tune sensitivity. If you need stronger assurance, inspect the remainder of skill.js (integrity checks are provided) or run it in a sandboxed environment first.

MIT-0

AOI OpenClaw Security Toolkit (Core)

  • Why: Prevent “one bad commit” incidents (accidental file leakage + secret exposure) with a fast, local-only, fail-closed check.
  • When: Before committing/pushing, before publishing a skill, and when reviewing scripts/skills for unexpected egress behavior.
  • How: Run a single command to get PASS/WARN/BLOCK and an optional redaction-safe report.
  • Scope: Detection + reporting only (no auto-fix, no uploads, no auto-posting).
  • Quickstart: openclaw-sec check --preset repo --diff staged

This is a public-safe toolkit skill.

  • Does: detect + report risks (PASS/WARN/BLOCK)
  • Does NOT: auto-fix, auto-upload, auto-post, or exfiltrate data

CLI

Binary: openclaw-sec

Common:

openclaw-sec check --lang en
openclaw-sec check --lang ko
openclaw-sec scan-secrets
openclaw-sec scan-egress
openclaw-sec scan-prompt --file inbound.txt

Exit codes:

  • 0 PASS
  • 1 WARN
  • 2 BLOCK
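
A git pre-commit hook that consumes these exit codes, added here as an example and not part of the toolkit's own code. It runs the Quickstart command and fails closed on any status other than 0, 1 or 2. The names gate_decision, run_gate, OPENCLAW_SEC_CMD and OPENCLAW_SEC_STRICT are hypothetical, and letting WARN through by default is an assumption.

```shell
#!/bin/sh
# Added example: pre-commit gate driven by the openclaw-sec exit code.
# Assumed names (not part of the toolkit): OPENCLAW_SEC_CMD, OPENCLAW_SEC_STRICT,
# gate_decision, run_gate. Letting WARN through by default is also an assumption.

# Map a scanner exit status to a decision. 0/1/2 are PASS/WARN/BLOCK as listed
# above; anything else (127 = not installed, crash, signal) fails closed.
gate_decision() {
  rc=$1
  strict=${2:-0}
  case "$rc" in
    0) echo allow ;;
    1) if [ "$strict" = 1 ]; then echo block; else echo allow-with-warning; fi ;;
    2) echo block ;;
    *) echo block-scanner-error ;;
  esac
}

# Scan staged changes; return 0 to let the commit proceed, 1 to refuse it.
run_gate() {
  cmd=${OPENCLAW_SEC_CMD:-openclaw-sec}
  rc=0
  "$cmd" check --preset repo --diff staged || rc=$?
  decision=$(gate_decision "$rc" "${OPENCLAW_SEC_STRICT:-0}")
  case "$decision" in
    allow) return 0 ;;
    allow-with-warning)
      echo "openclaw-sec: WARN (exit 1), review the findings before pushing" >&2
      return 0 ;;
    block)
      echo "openclaw-sec: commit refused (exit $rc)" >&2
      return 1 ;;
    *)
      echo "openclaw-sec: scanner did not run cleanly (exit $rc), failing closed" >&2
      return 1 ;;
  esac
}

# Act only when installed as .git/hooks/pre-commit, so the file can be sourced.
case "${0##*/}" in
  pre-commit) run_gate || exit 1 ;;
esac
```

Saved as .git/hooks/pre-commit and made executable, the hook refuses the commit when the scanner reports BLOCK or cannot be run at all.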

Default scan scope

If --paths is omitted, it scans existing paths among:

  • .
  • skills/
  • scripts/
  • context/

Rules

Rule files live in rules/:

  • secret_patterns.txt
  • egress_patterns.txt
  • prompt_injection_patterns.txt

Edit these to tune sensitivity.
