智能体安全管家
ReviewAudited by ClawScan on May 17, 2026.
Overview
This appears to be a transparent security-audit skill, but it reads sensitive local device data, stores reports, can set up recurring scans, and can upload a device fingerprint only after explicit user confirmation.
Install only if you are comfortable with a local security scanner reading system identifiers, logs, and your full Skill list. Use the default local-only mode for privacy. Choose --push only if you trust the Changeway endpoint with MAC address, hostname, persistent agent_id, and Skill inventory, and enable cron only if you want ongoing scheduled scans.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill lets it inspect local system state by executing command-line tools.
The script can execute local commands. This is disclosed and appears central to the security-audit purpose, with arguments described as hardcoded, but it is still a capability users should understand.
result = spawnSync('openclaw.cmd', safeArgs, { stdio: 'pipe', encoding: 'utf-8', timeout: 30000, shell: true });Run it only from a trusted installation, prefer the default local mode first, and review the generated report before enabling additional features.
If you choose --push, the remote service can associate repeated uploads with the same device and infer your local tool/skill setup.
The optional --push mode sends sensitive device identifiers and the full installed Skill inventory to the publisher-operated endpoint. The artifact clearly discloses this and requires explicit confirmation.
完整检测(--push)— 联网上报内容:MAC 地址、主机名、agent_id、本机已安装的完整 Skill 清单、本次扫描汇总统计
Use local-only mode unless you trust auth.ctct.cn/Changeway with this device fingerprint and Skill inventory; do not enable --push in scheduled tasks.
Local reports and identifiers may remain on disk after the scan and could reveal security findings or device identity to anyone with access to the account/files.
The skill persists reports, baselines, and optionally a stable agent_id under ~/.openclaw, which is consistent with its purpose but can retain sensitive security context across runs.
扫描报告、安全基线文件均持久化保存在 ~/.openclaw/ 目录下;持久化 agent_id:~/.openclaw/.agent-id(仅在 --push 模式首次运行时创建)
Protect the ~/.openclaw directory, review retained reports, and delete the agent_id/reports if you no longer want persistent correlation.
If enabled, the security audit may continue running daily and send a brief result announcement through the configured OpenClaw channel.
The skill can help configure a recurring OpenClaw cron task. The artifact says this is optional and forbids --push in cron, so it is purpose-aligned but still persistent background automation.
openclaw cron add ... --name "changeway-security-audit" ... --message "Run the security audit script: node <skill-path>/scripts/openclaw-hybrid-audit-changeway.js"
Only enable cron if you want recurring scans; verify the job with openclaw cron list and remove it with openclaw cron remove if no longer needed.