Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Cyber Security Engineer
v0.1.9Security engineering workflow for OpenClaw privilege governance and hardening. Use for least-privilege execution, approval-first privileged actions, idle tim...
⭐ 0· 1.5k·11 current·11 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the included files: port/egress monitors, command policy, guarded privileged exec, assessment/dashboard generators, and a runtime hook installer. Required tools (python3, lsof/ss/netstat, optionally npm/openclaw CLI) are consistent with the declared purpose.
Instruction Scope
SKILL.md instructs the agent to run local inspection and enforcement scripts and to optionally install a sudo shim under the user's home. The instructions reference only the declared policy files and ~/.openclaw state; they do collect local process/port/connection info (lsof/ss/netstat outputs, PIDs, commands) and write results to ~/.openclaw and the skill's assessments directory — expected for this purpose but privacy-sensitive. Review the notify_on_violation behavior before enabling notifications.
Install Mechanism
There is no remote download/install spec in the registry entry; the skill is instruction-only with bundled scripts. The provided installer modifies only the user's home (~/.openclaw) and (optionally) the OpenClaw gateway LaunchAgent on macOS. That is proportionate, but the LaunchAgent change is sensitive and is opt-in per the doc.
Credentials
No required secrets or unrelated environment variables are requested. The documented OPENCLAW_* variables are configuration toggles for the shim/monitoring behavior (approval token, session id, notifier path, etc.) and are reasonable for the stated feature set. Nothing asks for cloud/OS credentials outside the user's control.
Persistence & Privilege
The skill does install an opt-in sudo shim into ~/.openclaw/bin and can modify the gateway LaunchAgent (macOS) when enabled; this grants the skill persistent interception of sudo within the gateway process's PATH but only if the user opts in (ENFORCE_PRIVILEGED_EXEC=1). always:true is not set. Treat the runtime hook as a privileged control that should be enabled only after inspection and testing.
Assessment
This package appears to implement what it advertises (least‑privilege wrappers, port/egress monitoring, and compliance reporting). Before installing or enabling the sudo runtime hook: 1) Audit the installer script (scripts/install-openclaw-runtime-hook.sh) and the sudo shim (scripts/guarded_privileged_exec.py and scripts/root_session_guard.py) to confirm they only modify ~/.openclaw and the OpenClaw gateway LaunchAgent as documented; 2) Inspect notify_on_violation.py to verify it does not send data to remote endpoints you don't expect (the skill allows configuring an external notifier path); 3) Restrict and review policy files (~/.openclaw/security/*.json) and set tight filesystem permissions so audit/assessment outputs are not world-readable; 4) Test in a non-production environment first (the auto-cycle will run lsof/ss/netstat and record PIDs/commands and connection targets to assessment files); and 5) If you do enable the shim, ensure you understand recovery steps (how to remove ~/.openclaw/bin/sudo and revert LaunchAgent changes) so you can restore the original sudo behavior if needed.Like a lobster shell, security has layers — review code before you run it.
compliancevk977mxt16g3eq3q085a0e3879s83pdhtiso27001vk977mxt16g3eq3q085a0e3879s83pdhtlatestvk977mxt16g3eq3q085a0e3879s83pdhtnistvk977mxt16g3eq3q085a0e3879s83pdhtsecurityvk977mxt16g3eq3q085a0e3879s83pdht
License
MIT-0
Free to use, modify, and redistribute. No attribution required.