Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
SecOpsAI for OpenClaw
v0.3.4Conversational SecOps for OpenClaw audit logs. Run the live detection pipeline, inspect findings, triage incidents, and get mitigation guidance — all from chat.
⭐ 1· 146·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the SKILL.md actions: running a local 'secopsai' CLI, listing/triaging findings, and producing mitigations for OpenClaw audit logs. There are no unrelated credentials, binaries, or external services requested.
Instruction Scope
Instructions explicitly run shell commands in the user's home (~/secopsai) and read/write the local SOC store (data/openclaw/findings/openclaw_soc.db and ~/.openclaw/logs/). Read operations are default; write/triage actions are included but the skill documents requiring explicit user confirmation before writes. This is functionally appropriate but carries risk because the agent executes arbitrary local commands and can change local incident state if confirmation is given.
Install Mechanism
No install spec is present — the SKILL.md assumes a manual git checkout/virtualenv setup (git clone + pip). Instruction-only skills have lower install risk; the recommended repo is a GitHub URL (transparent source), though the skill metadata lacks an official homepage. The absence of packaged downloads or opaque installers reduces install risk.
Credentials
No environment variables or external credentials are requested, which is proportionate. However the skill requires filesystem access to ~/secopsai and ~/.openclaw/logs/ and the ability to run shell commands; those locations may contain sensitive logs/secrets and the skill can modify the SOC DB when triaging — so filesystem and exec access are significant privileges even without explicit credential requests.
Persistence & Privilege
always is false and the skill does not request persistent platform-wide privileges. Model invocation is enabled (default), which is expected for skills. The SKILL.md warns about scheduled jobs and backups but does not itself request always-on presence or modify other skills/configs.
Assessment
This skill appears to do what it says (local SecOps on OpenClaw logs) but it executes shell commands and can write to your local SOC DB. Before installing or invoking it: 1) verify the upstream repository (review https://github.com/Techris93/secopsai or the code you will run) and prefer running it in an isolated/test environment; 2) ensure the agent's ability to run shell commands is intentional and limit that permission if possible; 3) back up your SOC DB and OpenClaw logs before allowing any triage/write actions; 4) require explicit confirmation for any write/triage operations and review those commands before they are executed; 5) if you need stronger assurance, ask the skill author for a signed/reproducible release or provide a vetted binary from a known project homepage.Like a lobster shell, security has layers — review code before you run it.
exfiltrationvk9766x0a3f6m488ztgth83gecs83gppfiocvk9766x0a3f6m488ztgth83gecs83gppflatestvk9766x0a3f6m488ztgth83gecs83gppflocal-firstvk9766x0a3f6m488ztgth83gecs83gppfmalwarevk9766x0a3f6m488ztgth83gecs83gppfobservabilityvk97cx94e0ypbpk7z0mvk5x30ph8376ndopenclawvk9766x0a3f6m488ztgth83gecs83gppfsecopsvk9766x0a3f6m488ztgth83gecs83gppfsecurityvk9766x0a3f6m488ztgth83gecs83gppfthreat-intelvk9766x0a3f6m488ztgth83gecs83gppf
License
MIT-0
Free to use, modify, and redistribute. No attribution required.