dep-audit
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: dep-audit Version: 0.2.1 The skill is designed for dependency auditing and includes strong safety measures like explicit confirmation for fixes and report-only defaults. However, it is classified as 'suspicious' due to two main factors: (1) The `scripts/detect.sh` and `scripts/sbom.sh` files suggest installing `syft` using `curl -sSfL ... | sh`, which is a common but risky practice that executes arbitrary remote code and poses a supply chain vulnerability if the remote script is compromised. (2) The `run_timeout` helper in multiple scripts (e.g., `aggregate.sh`, `audit-cargo.sh`) allows audit tools to run without a time limit if `timeout` or `gtimeout` are unavailable, creating a potential Denial of Service (DoS) vulnerability. While these are not direct malicious actions, they represent significant security risks and vulnerabilities.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may approve a scan believing only lockfiles are read, while the Go path can inspect local project packages/source structure.
The Go audit runs govulncheck across all packages under the target directory, which is broader than a lockfile-only dependency read and conflicts with SECURITY.md claims that project source code is never accessed.
RAW=$(cd "$DIR" && run_timeout 60 govulncheck -json ./... 2>/dev/null)
Update the documentation to clearly disclose Go source/package analysis, or change the Go workflow to a mode that only uses dependency metadata if that is the intended behavior.
Running an audit could leave files behind or overwrite same-named files in the working directory without the user explicitly asking for saved output.
The normal audit workflow instructs the agent to write fixed output filenames. This can overwrite existing unified.json or report.md files, while the declared write permission is described as on-request for SBOM generation.
bash <skill_dir>/scripts/aggregate.sh <npm_result.json> <pip_result.json> ... 1>unified.json 2>report.md
Use temporary files by default, ask before writing reports into the project, and avoid fixed filenames unless the user chooses them.
If the user confirms, dependency files or local environments may be changed by commands such as npm audit fix or pip install.
The skill can suggest and potentially run dependency-fix commands, but the artifact explicitly requires user confirmation before mutation.
Ask for explicit confirmation before running ANY fix command. Never batch-run fix commands silently.
Review each proposed fix command, use a branch or backup, and confirm only the changes you want.
Installing missing tools from remote or latest-version sources can run third-party code on the local machine.
The documented SBOM tool install path includes a remote shell installer. It is not shown as automatically executed, but users should recognize the supply-chain implications.
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh \| sh
Install audit tools from trusted package managers where possible, verify installer sources, and pin versions when appropriate.