OpenClaw Policy Check

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a straightforward local repository policy scanner, but users should scope the scan path and avoid sharing raw output if it may include secrets.

This skill appears safe and coherent for local preflight repository scanning. Before using it, make sure the target path is the specific repo or file you intend to inspect, and do not share raw JSON results without checking for credential-like snippets.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If pointed at a broad directory such as a home folder instead of a repository, it may inspect many local files and report findings from them.

Why it was flagged

The script resolves a user-provided target path and recursively walks it, so its local file access depends on the path selected for scanning.

Skill content

target = Path(args.target_path).expanduser().resolve()
...
for root, dirs, files in os.walk(target):

Recommendation

Run it only on the intended repository or file, and avoid broad paths unless that is explicitly what you want to scan.

What this means

Raw scan output could reveal parts of credentials or sensitive configuration lines to anyone who can see the scan results.

Why it was flagged

Findings can include up to 200 characters of the matched line, and JSON output returns the full findings list; for secret-detection rules, that output may contain secret-like text.

Skill content

"snippet": line.strip()[:200],
...
"findings": findings,

Recommendation

Treat scan results as sensitive, especially when using JSON output, and redact secret-like snippets before sharing them.