ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Security Audit Tianjin

Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 29 · 1 current installs · 1 all-time installs
by@tianjin-ren
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (Clawdbot security audit) aligns with the script's behaviors: recursive file scans, port checks, Docker/Git checks and credential pattern matching under a Clawdbot directory. However, the script hard-codes paths under /root/clawd and a CONFIG_DIR '/root/clawd/skills/.env' which is very specific and could be incorrect or overly broad for other installs. Also _meta.json ownerId differs from registry ownerId (metadata mismatch).
!
Instruction Scope
SKILL.md instructs to run node skills/security-audit/scripts/audit.cjs with flags and promises scanning of 'tokens in command history' and an 'auto-fix' mode. The included script shows many read/scan operations and execSync usage (ss/netstat, git), but the provided file is truncated so the full auto-fix implementation and any reads of shell history are not visible. The instructions give the agent permission to run code that reads many files and may modify filesystem state; the exact modification behavior (what --fix changes) is not fully verifiable from the truncated code.
!
Install Mechanism
There is no install spec (instruction-only style), but SKILL.md commands invoke node. The registry metadata lists no required binaries. That is an inconsistency: the script requires Node.js to run but the skill does not declare Node as a required binary or runtime. Running without Node will fail; running with Node will execute the bundled code. Lack of declared runtime is a mismatch the user should note.
Credentials
The skill declares no environment variables or external credentials (consistent). The script reads many files under /root/clawd (configs, .env, Dockerfile, .git, code files) which is proportionate to auditing Clawdbot, but because the path is hard-coded to /root it will access root-owned files if run as a privileged user. The audit's read-only checks are expected, but the auto-fix option implies write operations (e.g., setting permissions, creating .gitignore) which require filesystem write privileges and increase risk if run on a system with unrelated sensitive files.
Persistence & Privilege
The skill is not always-enabled and the default autonomous invocation is allowed (platform default). There are no indications it attempts to persist itself or modify other skills. However, the auto-fix behavior can change file permissions and create files in the audited tree — this is expected for an auto-fix feature but is higher privilege than a pure scanner and should be used cautiously.
What to consider before installing
This skill appears to implement a Clawdbot security audit, but take these precautions before installing/running it: - Expect to run the script with Node.js; the skill does not declare Node as a required binary — ensure Node is present or the run will fail. - Review the full scripts/audit.cjs source (the provided file was truncated) to confirm exactly what --fix does (which files are modified, exact permission changes, any writes). Back up the target directories first. - The script uses hard-coded paths under /root/clawd and '/root/clawd/skills/.env'. Only run it on a system where those paths are the intended target; otherwise edit the script or run it in a controlled environment. - Run the audit in read-only mode (no --fix) first to inspect findings. If you consider using --fix, run it in an isolated test environment or container and review changes afterwards. - The code uses child_process.execSync (ss/netstat, git). That is expected for port/git checks but increases the blast radius — avoid running as root unless necessary. - Confirm the skill source/owner is trusted (metadata mismatch observed). If provenance is uncertain, prefer manual review or use in an isolated sandbox.
scripts/audit.cjs:166
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.1
Download zip
latestvk9760g0t1y5w8jpm07d1aywss5830txb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Security Audit Skill

When to use

Run a security audit to identify vulnerabilities in your Clawdbot setup before deployment or on a schedule. Use auto-fix to remediate common issues automatically.

Setup

No external dependencies required. Uses native system tools where available.

How to

Quick audit (common issues)

node skills/security-audit/scripts/audit.cjs

Full audit (comprehensive scan)

node skills/security-audit/scripts/audit.cjs --full

Auto-fix common issues

node skills/security-audit/scripts/audit.cjs --fix

Audit specific areas

node skills/security-audit/scripts/audit.cjs --credentials      # Check for exposed API keys
node skills/security-audit/scripts/audit.cjs --ports            # Scan for open ports
node skills/security-audit/scripts/audit.cjs --configs          # Validate configuration
node skills/security-audit/scripts/audit.cjs --permissions      # Check file permissions
node skills/security-audit/scripts/audit.cjs --docker           # Docker security checks

Generate report

node skills/security-audit/scripts/audit.cjs --full --json > audit-report.json

Output

The audit produces a report with:

LevelDescription
🔴 CRITICALImmediate action required (exposed credentials)
🟠 HIGHSignificant risk, fix soon
🟡 MEDIUMModerate concern
🟢 INFOFYI, no action needed

Checks Performed

Credentials

  • API keys in environment files
  • Tokens in command history
  • Hardcoded secrets in code
  • Weak password patterns

Ports

  • Unexpected open ports
  • Services exposed to internet
  • Missing firewall rules

Configs

  • Missing rate limiting
  • Disabled authentication
  • Default credentials
  • Open CORS policies

Files

  • World-readable files
  • Executable by anyone
  • Sensitive files in public dirs

Docker

  • Privileged containers
  • Missing resource limits
  • Root user in container

Auto-Fix

The --fix option automatically:

  • Sets restrictive file permissions (600 on .env)
  • Secures sensitive configuration files
  • Creates .gitignore if missing
  • Enables basic security headers

Related skills

  • security-monitor - Real-time monitoring (available separately)

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…