ClawHub
Back to skill
v1.0.0

ZT4AI Self-Audit

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:57 AM.

Analysis

ZT4AI Self-Audit is a coherent local security-audit helper; its file scans, checksum baseline, optional network check, and saved reports are disclosed and aligned with that purpose.

GuidanceThis skill appears safe for its stated purpose of auditing OpenClaw skills and workspace security. Before installing or using it, review the visible shell commands, decide whether you want the external httpbin.org network test, and make sure generated reports do not include actual secrets.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
find ~/.openclaw/skills/ ~/.openclaw/workspace/skills/ ... -name "*.sh" ...; curl -s -o /dev/null -w "%{http_code}" https://httpbin.org/get --max-time 5

The skill instructs the agent to run local shell diagnostics over OpenClaw skill directories and perform a simple outbound network reachability check. This is powerful local tooling, but it is disclosed, bounded to the audit purpose, and not shown as automatic or destructive.

User impactRunning the audit may reveal local skill inventory and security posture, and the curl check contacts an external test service.
RecommendationUse the skill when you intentionally want a local security audit, review the displayed commands before running them, and skip or replace the external curl check if you do not want any outbound contact.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
metadata
Source: unknown; Homepage: none

The registry metadata does not provide an upstream source or homepage for provenance. The included artifacts are visible and the script is simple, but users cannot independently verify origin from the metadata alone.

User impactYou have less external provenance information for deciding whether to trust this audit helper.
RecommendationReview the included files before use and prefer pinned, documented sources for security-sensitive auditing tools.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
Are there credentials in workspace files? (`grep -rli "api_key\|password\|secret" ~/.openclaw/workspace/`)

The audit includes searching workspace file contents for credential markers. The command is purpose-aligned and uses `-l` to list matching files rather than print secret values, but it still touches potentially sensitive files.

User impactThe audit may identify where credentials or secrets appear in workspace files.
RecommendationKeep credential checks limited to trusted workspace paths and avoid copying actual secret values into reports or chat output.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
Save report to `memory/zt4ai-audit-YYYY-MM-DD.md`.

The skill persists audit results into memory. This supports ongoing monitoring, but saved reports may later be loaded into context and can contain file inventories, risk findings, or other security-sensitive details.

User impactAudit reports and baselines may remain available to future agent sessions and could expose details about your workspace security posture.
RecommendationReview saved audit reports for sensitive content, redact secrets, and keep only the baselines or reports you intend the agent to reuse.