Claw Audit Review
Audited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (ignore-previous-instructions, you-are-now, system-prompt-override); human review is required before treating this skill as clean.
This skill looks purpose-aligned for local OpenClaw security auditing. Before installing, be comfortable with it running local Node/Bash scripts, reading OpenClaw configuration and .env-style files, and optionally changing config after confirmation. Use watch mode only when you want ongoing monitoring, and review auto-fix changes before approving them. ClawScan detected prompt-injection indicators (ignore-previous-instructions, you-are-now, system-prompt-override), so this skill requires review even though the model response was benign.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved, the skill may change local OpenClaw security settings.
The skill can run an auto-fix script that may change OpenClaw configuration, but the artifact instructs the agent to ask for confirmation first.
### Auto-Fix ... `node scripts/auto-fix.mjs` ... **Always ask for confirmation before applying fixes.** Show what will change and let the user approve.
Review the proposed changes before approving auto-fix; prefer dry-run or manual review for important configurations.
The skill needs local access to configuration and credential-related files to report insecure storage.
The config auditor reads local .env files to detect known credential key names. The shown code reports presence/key names, not secret values.
const envFile = join(stateDir, ".env"); ... const content = readFileSync(envFile, "utf-8"); ... `Plaintext credential found: ${key}`
Only run it in an environment where you are comfortable with a local audit tool inspecting OpenClaw config and .env files.
Watch mode may continue consuming resources and observing local skill/config changes until stopped.
The skill includes a long-running/background monitor, but it is disclosed and tied to user requests to watch or monitor.
### Watch Mode ... `node scripts/watch.mjs` ... This runs in the background and alerts when new skills are installed or config changes.
Start watch mode only when you want ongoing monitoring, and stop the process when monitoring is no longer needed.
It may be harder to independently verify where the code came from or compare it with an upstream release.
The registry metadata does not provide a source repository or homepage, which weakens provenance for a tool that runs local audit scripts.
Source: unknown; Homepage: none
Install only from a trusted registry entry, review the bundled files, and prefer a verified source repository when available.
Users might place too much confidence in the exact implementation claim.
Static scan snippets show some internal `execSync` template-literal command wrappers, so this safety guarantee is overstated even though the shown commands appear to run bundled scripts rather than user-provided commands.
**No shell injection risk** — external processes use `spawnSync` with argument arrays, never template literals
Treat the README guarantee as imprecise; maintainers should update the wording or replace shell-string execSync calls with argument-array process execution.
