SkillSentry
OpenClaw's Always‑On Security Cop

v1.1.0

OpenClaw security audit + prompt injection detector. Scans gateway/vulns/cron/PI patterns. Use for frenzy-proofing installs.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The declared purpose (local OpenClaw security audit and prompt-injection detection) matches the included audit.sh which scans OpenClaw status, session state, memory and skills directories and performs a localhost port scan. However SKILL.md instructs running node scripts (node scripts/panel-server.js and node scripts/config.js) and refers to config.yaml and logs/last-report.json even though those node scripts and config file are not present in the package. The audit.sh defaults to hardcoded paths under /Users/BillyAssist/clawd which appears to be a developer leftover and may not match the target system. OUTDIR is declared but never used. These inconsistencies reduce trust in the packaging and intent.
Instruction Scope
The runtime instructions ask you to present a UI, edit config.yaml, and schedule scripts/audit.sh in cron. The actual bundle only contains a static panel.html, audit.sh, and helper docs; the server and config JS files referenced are missing. The script does scan local 'memory' and 'skills' directories (which is consistent with an auditor) — these may contain sensitive content, so scanning them is warranted but must be understood. SKILL.md claims 'Local-only scans; no network calls outside localhost', and audit.sh adheres to that (it only runs a localhost nmap if present). However the instructions are vague about how cron should be set up and where outputs/logs are stored, and the claimed 'last report at logs/last-report.json' is not produced by the included script.
Install Mechanism
No install spec or remote downloads — the skill is instruction-only with a local shell script and static assets. That minimizes supply-chain risk. The only potentially sensitive operation is executing the bundled shell script; there are no external URL downloads or extracted archives in the package.
Credentials
The skill declares no required environment variables or credentials, which is appropriate. The script does respect WORKDIR and OUTDIR environment variables if set, but defaults to a hardcoded /Users/BillyAssist/clawd path — this is odd and likely a leftover. The script reads local files (memory, skills) which are relevant for prompt-injection scans but could expose sensitive data; no network exfiltration is present in the code, but you should verify you are comfortable with local file scanning of those paths before running.
Persistence & Privilege
The skill is not configured always:true and does not autonomously install itself. However SKILL.md explicitly instructs the user to set up a cron job to run scripts/audit.sh on a cadence; that is legitimate for an auditor but creates persistent execution. You should not schedule the script until you inspect and (if needed) edit it and the referenced missing components. The skill does not modify other skills' configs in the package.
What to consider before installing
This package appears to be a local-only OpenClaw auditor, but several things don't add up — the SKILL.md references node scripts (panel-server.js, config.js) and a config.yaml/log path that are not included, and the shell script defaults to a developer's hardcoded path (/Users/BillyAssist/...). Before using/installing:
1) Do not schedule it in cron yet — inspect and run it manually.
2) Read scripts/audit.sh line-by-line and change WORKDIR to your OpenClaw installation (or set WORKDIR env var) so it does not scan an unexpected location.
3) Confirm the commands it calls (openclaw, session_status, nmap) exist and behave as you expect; run audit.sh in a non-privileged account first.
4) Understand it will read local 'memory' and 'skills' directories (these can contain sensitive data); if you do not want that scanned, edit SCAN_PATHS.
5) The UI described in SKILL.md will not run as-is — panel.html is static and no server code is included.
6) Only schedule persistence (cron) after you have validated the script's behavior and outputs and are satisfied it does not transmit data externally.
If you need more assurance, ask the author for the missing server/config scripts and an explanation of the hardcoded paths, or run the audit in a controlled environment (container or isolated VM) first.

Like a lobster shell, security has layers — review code before you run it.

Tags: agent-guard, api-leak, audit, frenzy-proof, latest, openclaw-security, pi-detector, security
