Skill v2.0.1

ClawScan security

Audit OpenClaw Security · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 11, 2026, 10:49 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The bundle does what it claims: a read-only, defensive OpenClaw audit workflow with helper scripts and redaction tools, and its requirements and instructions are proportionate to that purpose.
Guidance
This bundle is coherent for performing an OpenClaw audit. Before using:
1) Confirm you own or have explicit permission to audit the target host (SKILL.md guardrail #1).
2) Prefer Mode A (ask the user to run commands) if you do not want the agent to execute local shell commands.
3) If you allow the agent to run Mode B, run it in a constrained environment (dedicated user/container) because the scripts collect host/network and OpenClaw state metadata.
4) Always review redacted outputs before sharing externally; the redact tool is best-effort and may miss edge cases.
5) Do not provide raw gateway tokens, API keys, or credential files — the skill explicitly discourages that.

Review Dimensions

Purpose & Capability
Status: ok
Name/description match the included assets: SKILL.md, host/audit collection script, reporter, and redaction tool. No unrelated credentials, binaries, or external services are requested. The files and guidance align with an OpenClaw-focused security audit.
Instruction Scope
Status: note
SKILL.md confines actions to diagnostics and read-only checks and instructs redaction before sharing. It supports two modes: assisted (Mode A, user runs commands) and agent-run (Mode B), where the bundled scripts may be executed locally. The collection script intentionally avoids --fix operations and copying credential files, but it does read listings, run status probes, and stat the state/config file; these are expected for an audit but will reveal host metadata and config snippets. The script will attempt non-interactive sudo for some firewall commands (skipped if not allowed).
Install Mechanism
Status: ok
No install step or remote downloads. The skill is instruction-first with bundled scripts (no external URLs). Running the scripts executes local commands, but nothing in the bundle pulls external code or writes unexpected binaries to disk.
Credentials
Status: ok
No required environment variables or credentials are declared. The collector respects OPENCLAW_STATE_DIR if present (a reasonable convenience). The redaction utility explicitly tries to mask tokens and secrets before sharing. The env/config accesses are limited and relevant to OpenClaw auditing.
Persistence & Privilege
Status: ok
The skill is not always-enabled and does not request elevated long-term privileges. It does not modify other skills or global agent configs. Autonomous invocation is allowed (platform default) but is not combined with broad credentials or persistence in this bundle.