test0413-6348
v1.5.3
Security audit + append-only logging + monitoring for OpenClaw skills (file-level diff, baseline approval, SHA-256 integrity).
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (skills-audit, static analysis, diffs, baseline approval) match the included scripts and config. Required tools (Python ≥3.9 and git) and local filesystem access align with the stated purpose. No unrelated cloud credentials or extraneous binaries are requested.
Instruction Scope
The SKILL.md and scripts instruct the agent to read the full workspace/skills tree, compute diffs, snapshot into ~/.openclaw/skills-audit/snapshots, and append NDJSON logs to ~/.openclaw/skills-audit/logs.ndjson. This behavior is coherent for an audit tool, but it does mean the tool will read and store file contents (including any secrets present in skills) locally and may include snippets in logs/notifications. The skill explicitly warns about not auto-pushing full diffs and requires a 'show' flow for detailed diffs — that mitigation is present in the instructions.
Install Mechanism
No external install/downloads are requested; code is provided and scripts claim to use only the Python standard library. No network-based installs or arbitrary archives are fetched by an installer spec. Using git and subprocesses is expected for snapshot/diff operations.
Credentials
The skill requests no environment variables or credentials. It does access the user's home and the workspace path (~/.openclaw and workspace/skills) to read and write audit data, snapshots, and baseline state — this filesystem access is necessary for its function but is broad (reads entire skills directory and writes logs/snapshots).
Persistence & Privilege
The skill writes to ~/.openclaw/skills-audit and can be run periodically (via cron) but explicitly instructs the agent not to create cron jobs automatically. It does not request always:true. The persisting of snapshots/logs is expected, but you should confirm cron/scheduling and notification delivery targets before enabling automated push to external channels.
Scan Findings in Context
[subprocess.run (DYNAMIC_EXEC pattern)] expected: The scripts call subprocess.run to invoke git and other local helper commands for snapshotting/diffing; a static-audit tool legitimately needs controlled subprocess execution.
[git usage / snapshots] expected: The code creates a local git repo under ~/.openclaw/skills-audit/snapshots and runs git diff/log commands for content diffs; this is consistent with the described file-level diff capability.
[presence of network-pattern detectors (config contains many 'dangerous' needles)] expected: The risk/semantic rules and pattern files intentionally include dangerous patterns (eval, curl|sh, base64, etc.) as detection signatures for the scanner; their existence in config is expected and appropriate for a security scanner.
Assessment
This tool appears coherent: it will read your whole skills workspace, snapshot contents into a local git repo, and append audit entries to ~/.openclaw/skills-audit/logs.ndjson. Before enabling automated monitoring or cron-based notifications you should: (1) run the init and a manual scan yourself and inspect ~/.openclaw/skills-audit/logs.ndjson and snapshots to confirm what will be collected; (2) confirm that no secrets (API keys, private keys, credentials) are stored inside skills you don't want logged — the scanner will read any files under the skills tree and may include snippets in logs; (3) review and customize templates/notify.txt so external notifications do not leak sensitive diffs, and only create cron jobs after you explicitly approve the command and delivery channel; (4) if you prefer, run the scanner in an isolated environment for the first pass. The code uses only standard-library modules and git, so there are no hidden external dependencies in the package itself.
Like a lobster shell, security has layers — review code before you run it.
