Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw Security Audit — BLUF Report
v1.0.1Run a non-interactive OpenClaw security audit that produces a structured BLUF report with posture rating, ranked findings, and one-line fix commands.
⭐ 0· 44·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill claims to only run `openclaw security audit --deep` and be read-only, which matches its purpose. However, it also documents delivery via Telegram, appending to a memory file, and scheduling via `openclaw cron add` — behaviors outside a strict read-only formatter. The declared requirements list no env vars or config paths, yet the runtime instructions reference TELEGRAM_BOT_TOKEN and MASTER_TELEGRAM_ID.
Instruction Scope
SKILL.md contains contradictory statements: an explicit 'No network calls' / 'Read-only' claim, but later provides Python code that posts to Telegram (network) and shell examples that append to memory files (writes). It also instructs optional use of `--fix`, which would modify configuration if executed. The instructions therefore allow reading, writing, network I/O, and potentially config changes despite the trust claims.
Install Mechanism
Instruction-only skill with no install spec or code files. That minimizes surface area and nothing is being downloaded or installed by the skill itself.
Credentials
Metadata declares no required environment variables, but instructions reference TELEGRAM_BOT_TOKEN and MASTER_TELEGRAM_ID for delivery. That omission is inconsistent: if the skill can deliver via Telegram it should declare those env vars. No unrelated third-party credentials are requested, but the mismatch between documentation and declared requirements is concerning.
Persistence & Privilege
always:false (good) and disable-model-invocation is default (normal), but the skill guides creating scheduled cron jobs (`openclaw cron add`) and appending to memory files—both are forms of persistence. The skill also documents an optional `--fix` mode that can change system state. The SKILL.md's claim of 'read-only' conflicts with these persistent/write-capable instructions.
What to consider before installing
This skill mostly does what it says (format OpenClaw audit output), but there are clear inconsistencies you should resolve before installing or automating it: 1) The SKILL.md asserts 'no network' and 'read-only' yet includes a Telegram POST and file-append examples—treat the Telegram path as a network behavior that requires BOT_TOKEN/CHAT_ID. 2) The metadata does not declare the TELEGRAM env vars referenced; ask the publisher to list them explicitly if you plan to use Telegram delivery. 3) The skill documents an optional `--fix` mode that can change configuration—do not run `--fix` in production without manual review. 4) If you will let agents invoke this autonomously or schedule it, restrict tokens used for Telegram and review scheduled cron jobs created by OpenClaw. 5) To gain confidence: run `openclaw security audit --deep` manually, verify outputs and suggested fixes, and only enable automated delivery (memory/Telegram/cron) after confirming behavior and updating the skill metadata to accurately declare required env vars and any write/network actions.Like a lobster shell, security has layers — review code before you run it.
latestvk9779gq3sjkze2qnwf74h51qks84rt68
License
MIT-0
Free to use, modify, and redistribute. No attribution required.