OpenClaw Policy Check
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: openclaw-policy-check
Version: 1.0.0

The OpenClaw Policy Check skill is designed as a security scanner to detect risky patterns in code and scripts. The `scripts/policy_check.py` script uses regular expressions to identify common vulnerabilities and potentially malicious constructs (e.g., `curl|sh`, `rm -rf /`, `shell=True` in Python, hardcoded secrets, exfiltration endpoints). The script itself does not perform any malicious actions such as data exfiltration, unauthorized execution, or persistence. It only reads the specified files and reports findings. The `SKILL.md` instructions guide the AI agent to run the scan and report results, without any evidence of prompt injection attempting to subvert the agent's intended behavior for harmful purposes. All identified high-risk patterns are for detection, not execution by the skill itself.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If pointed at a broad directory such as a home folder instead of a repository, it may inspect many local files and report findings from them.
The script resolves a user-provided target path and recursively walks it, so its local file access depends on the path selected for scanning.
    target = Path(args.target_path).expanduser().resolve()
    ...
    for root, dirs, files in os.walk(target):
Run it only on the intended repository or file, and avoid broad paths unless that is explicitly what you want to scan.
Raw scan output could reveal parts of credentials or sensitive configuration lines to anyone who can see the scan results.
Findings can include up to 200 characters of the matched line, and JSON output returns the full findings list; for secret-detection rules, that output may contain secret-like text.
    "snippet": line.strip()[:200],
    ...
    "findings": findings,
Treat scan results as sensitive, especially when using JSON output, and redact secret-like snippets before sharing them.
