Claw Audit
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: claw-audit Version: 1.1.0 The OpenClaw AgentSkills skill bundle 'claw-audit' is a security scanner and hardening tool. It is designed to detect malicious patterns, audit configurations, and harden the underlying OS. While its code contains patterns that *look* malicious (e.g., regexes for 'curl|bash', '.env', 'reverse.shell', 'ignore previous instructions'), these are used for *detection* purposes, not execution. The `SKILL.md` explicitly includes strong anti-prompt injection rules and guardrails. Scripts use safe command execution methods (`spawnSync` with argument arrays) and `auto-fix.mjs` only *recommends* system-level fixes, never auto-applying them. There is no evidence of intentional data exfiltration or unauthorized remote control; sensitive file access is solely for auditing, and external network calls (e.g., to 169.254.169.254) are for vulnerability checks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved, the skill may change local OpenClaw security settings.
The skill can run an auto-fix script that may change OpenClaw configuration, but the artifact instructs the agent to ask for confirmation first.
### Auto-Fix ... `node scripts/auto-fix.mjs` ... **Always ask for confirmation before applying fixes.** Show what will change and let the user approve.
Review the proposed changes before approving auto-fix; prefer dry-run or manual review for important configurations.
The skill needs local access to configuration and credential-related files to report insecure storage.
The config auditor reads local .env files to detect known credential key names. The shown code reports presence/key names, not secret values.
const envFile = join(stateDir, ".env"); ... const content = readFileSync(envFile, "utf-8"); ... `Plaintext credential found: ${key}`Only run it in an environment where you are comfortable with a local audit tool inspecting OpenClaw config and .env files.
Watch mode may continue consuming resources and observing local skill/config changes until stopped.
The skill includes a long-running/background monitor, but it is disclosed and tied to user requests to watch or monitor.
### Watch Mode ... `node scripts/watch.mjs` ... This runs in the background and alerts when new skills are installed or config changes.
Start watch mode only when you want ongoing monitoring, and stop the process when monitoring is no longer needed.
It may be harder to independently verify where the code came from or compare it with an upstream release.
The registry metadata does not provide a source repository or homepage, which weakens provenance for a tool that runs local audit scripts.
Source: unknown; Homepage: none
Install only from a trusted registry entry, review the bundled files, and prefer a verified source repository when available.
Users might place too much confidence in the exact implementation claim.
Static scan snippets show some internal `execSync` template-literal command wrappers, so this safety guarantee is overstated even though the shown commands appear to run bundled scripts rather than user-provided commands.
**No shell injection risk** — external processes use `spawnSync` with argument arrays, never template literals
Treat the README guarantee as imprecise; maintainers should update the wording or replace shell-string execSync calls with argument-array process execution.