Workspace Audit

Audited by ClawScan on May 10, 2026.

Overview

The skill is mostly a transparent local workspace audit, but it can print credential-related lines from private files and enumerate 1Password item titles, so it deserves review before use.

Install only if you are comfortable with a local audit reading your OpenClaw workspace and optional 1Password item names. Prefer running it manually first, set OP_VAULT to a narrow vault, keep audit.conf trusted, and treat the output as sensitive because it may include credential-related lines.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A secret that the audit is supposed to find could be re-exposed to the agent session or saved in logs.

Why it was flagged

The script scans private workspace files and prints matching line content. A line such as an environment variable or API key assignment could include the secret value, causing it to enter the terminal, agent transcript, or logs.

Skill content
cred_pattern = re.compile(r'(1Password|op item|API.?[Kk]ey|env[: ]|gateway env|OP_SERVICE)', re.IGNORECASE) ... print(f'  ⚠️  {name}:{i+1} — credential-adjacent content: {line.strip()[:80]}')
Recommendation

Redact matched values before printing, or print only filenames and line numbers. Run manually and avoid sharing full output if you suspect secrets are present.

What this means

1Password item names can reveal sensitive service or account metadata, even though the script does not retrieve secret field values.

Why it was flagged

When the 1Password CLI is authenticated and OP_VAULT is not set, the audit enumerates item titles from all accessible vaults.

Skill content
VAULT="${OP_VAULT:-}" ... echo "🔒 Vault: (all vaults)" ... VAULT_ITEMS=$(op item list $VAULT_FLAG --format json
Recommendation

Set OP_VAULT to the narrow vault you want audited, and only run this check with an account or service token that has appropriate limited access.

What this means

If an untrusted party can edit audit.conf, running the audit could execute their shell code.

Why it was flagged

The custom audit configuration is loaded with the shell `source` builtin, so a modified audit.conf can run arbitrary shell commands with the privileges of the user running the audit, not just set limit variables.

Skill content
if [ -f "$CONF" ]; then
  # shellcheck source=/dev/null
  source "$CONF"
fi
Recommendation

Keep audit.conf trusted and limited to simple variable assignments, or change the script to parse expected keys instead of sourcing the file.