ztp
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: ztp Version: 2.0.0 The OpenClaw AgentSkills bundle is a security audit tool designed to detect malicious patterns, obfuscation, and unauthorized network/system access in code and documentation. The `SKILL.md` provides clear, benign instructions for the AI agent to run security scans. The core `shield_pro.py` script implements static (AST, regex) and dynamic (SafeImportHarness) analysis to identify vulnerabilities and malware, but it does not contain any malicious logic itself. The `SafeImportHarness` actively prevents dangerous system calls during module import, acting as a defense mechanism. While `os.popen` is used in `generate_markdown_report` for a benign purpose (getting the current date), and `scan_semantic` checks for an `OPENCLAW_AI_API_KEY` without performing any external communication, these do not indicate malicious intent. The overall design and implementation align with its stated purpose as a security gatekeeper.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used on malicious code, the scanner could run some of that code instead of only reading it, creating risk of local side effects if the harness is incomplete.
The tests show a scan_dynamic feature intended to trigger on a target file that calls os.system. This implies the scanner may import or execute target code under a harness, which conflicts with SKILL.md's stated audit principle: 'Never run the target code during the audit.'
p.write_text("import os\nos.system('whoami')")
findings = scan_dynamic(str(p))
assert any("dynamic trap" in f["issue"].lower() for f in findings)Disable dynamic execution by default, make it explicit opt-in, run it only in a hardened sandbox, and update the documentation so it accurately states when target code may be executed.
The audit may read project files and dependency manifests with any installed external scanners, and some tools may contact package or vulnerability services.
The skill directs the agent to run multiple external local tools over project files. This is aligned with security auditing, but it broadens what gets read or sent to tool-specific services compared with the built-in scanner alone.
If available in the environment, the Agent MUST run these SOTA tools ... `bandit -r <target_dir> -f json`, `safety check -r requirements.txt --json`, `npm audit --json`, `trivy fs <target_dir> --format json`, `garak ...`
Confirm the target path and ask the user before running broad external scans, especially on private projects.
The agent might fail to run the intended scanner or could run a different local script if that path exists.
The documented command hard-codes a path named openclawSecurity, while the evaluated skill is named/slugged ztp and the manifest lists the helper as scripts/shield_pro.py. This could cause path confusion or execution of the wrong local file if copied literally.
python3 skills/openclawSecurity/scripts/shield_pro.py --target <path_to_scan> --format json
Use the installed skill's actual resolved path, or document the correct relative command for this package.
The agent may refuse or pause integration work after scanner findings, including possible false positives.
The skill defines stopping and rejection rules for the agent. This is consistent with a security gatekeeper, but it can change the agent's workflow based on scanner output.
If `CRITICAL` or `HIGH` > 0: **REJECT** the code. If `MEDIUM` > 0: **HALT** and ask User for manual review.
Treat scanner decisions as advisory unless the user has explicitly opted into this gatekeeping policy.