Claw Audit
v1.1.0Security scanner and hardening tool for OpenClaw. Use when the user asks about security, wants to scan installed skills for malware or vulnerabilities, audit...
⭐ 3· 573·2 current·2 all-time
by@u45362
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the bundled artifacts: Node and Bash are required and present in metadata, and the repo contains auditors (skills scanner, config auditor, system auditor), a scoring tool, auto-fix and watch components. The files referenced (OpenClaw config, state files, system checks) are exactly what a security scanner would legitimately need.
Instruction Scope
SKILL.md instructs the agent to run explicit audit scripts (node/bash commands) and defines clear output/behavior. The instructions reference reading OpenClaw config/state files and system-level checks (e.g., SSH, UFW) — expected for this purpose. The SKILL.md and references intentionally contain prompt-injection and malicious-pattern examples (used as detection signatures); this is expected but worth noting because static scanners flag those strings.
Install Mechanism
No remote download/install step is declared in the registry metadata (no install spec). The package includes local scripts and no package managers or third‑party installers are invoked. No archived remote URLs or extract steps were found in the metadata provided.
Credentials
The skill requests only Node and Bash (no credentials or unrelated environment variables). It reads local OpenClaw config/state files and system data (expected for audits). No wide-ranging secret access is declared. The scripts do search for credential files (.env, creds, SSH keys) but only to report their presence — this is proportional to the stated goal.
Persistence & Privilege
always:false and no install-time persistence or global privilege escalation are requested. The skill can run autonomously per platform defaults, which is normal for skills; auto-fix explicitly demands confirmation before making changes. No evidence that it modifies other skills' configs or requires always:true privilege.
Scan Findings in Context
[prompt-injection-strings-in-SKILL.md] expected: The SKILL.md and references intentionally include prompt-injection patterns (e.g., 'ignore previous instructions', 'you are now', 'new system prompt') because the scanner's detection database contains those patterns. Static scanners correctly flagged them, and their presence is coherent with the tool's purpose.
Assessment
This package appears to be a legitimate OpenClaw security/audit tool. Before running it: 1) Review scan-skills.sh, watch.mjs, and auto-fix.mjs to confirm they only read and report (and that auto-fix requires explicit confirmation). 2) Run audits as a non-root/unprivileged user first — some system checks require root to be comprehensive but running as root increases risk. 3) Use --dry-run / --json or run inside an isolated test VM/container to observe behavior before letting it modify configuration. 4) Verify the code origin (owner/commit) if you require provenance — the registry owner is present but the homepage is missing. 5) If you plan to enable watch/automatic monitoring, inspect how it notifies you and ensure no unexpected network endpoints are used. Overall the package is coherent with its stated purpose, but standard caution (review code, run in sandbox) still applies.Like a lobster shell, security has layers — review code before you run it.
latestvk97c59fapexv1fw0d1af66g7z181vjvv
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🛡️ Clawdis
Binsnode, bash