ClawHub

Security Audit (Sona)

v0.1.3

Fail-closed security auditing for OpenClaw/ClawHub skills & repos: trufflehog secrets scanning, semgrep SAST, prompt-injection/persistence signals, and supply-chain hygiene checks before enabling or installing.

1· 2.5k·4 current·4 all-time
by@virtaava
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (fail-closed security audit) match the declared binaries (trufflehog, semgrep, jq, python3) and the provided scripts implement trufflehog/semgrep runs plus a Python hostile-audit scanner. The requested install packages and subprocess allowances are proportionate to the stated purpose.
Instruction Scope
SKILL.md and scripts instruct the agent to run scripts/run_audit_json.sh <path>, which legitimately reads the target repo/workspace and runs trufflehog/semgrep/hostile_audit.py. The scanner searches file contents for prompt-injection, exfiltration and persistence patterns — expected for this tool. One convenience wrapper (scripts/security_audit.sh) contains hard-coded user-specific paths (e.g., /home/virta/.openclaw/workspace/hybrid_orchestrator) which is an operational oddity you should inspect or edit before using; otherwise instructions do not attempt to transmit findings to external endpoints.
Install Mechanism
Install spec uses apt/brew for jq/trufflehog/semgrep and a shell pipx flow for semgrep (python3 -m pip install --user pipx && pipx install semgrep). These are reasonable but not zero-risk: pipx installs into the user environment (~/.local/bin) and the install script may modify PATH visibility. No opaque downloads or URL shorteners are used.
Credentials
No secrets or unrelated environment variables are requested. The only runtime env var referenced is OPENCLAW_AUDIT_LEVEL (for strictness), and run_audit_json.sh adds $HOME/.local/bin to PATH so pipx-installed binaries are visible. The tool intentionally scans filesystem targets provided by the user — that broad file access is expected for an auditor.
Persistence & Privilege
The skill does not request 'always: true' or elevated persistent presence. It does write temporary files under a tempdir and may write reports to user-specified paths; the manifest/docs describe quarantine/workdir locations. The wrapper script intentionally swallows non-zero exit codes (prints JSON and exits 0) — useful for embedding but something to be aware of when scripting behavior.
Assessment
This skill appears to be what it says: a conservative, fail-closed repo/skill auditor that runs trufflehog, semgrep, and a custom Python scanner. Before installing or running it: 1) Run it on a quarantined copy of the repository (do not point it at / or sensitive live directories). 2) Inspect and, if needed, edit scripts/security_audit.sh which contains hard-coded paths (/home/virta/...) so it doesn't scan unintended locations. 3) Expect pipx to be installed into your user environment (~/.local/bin); run_audit_json.sh prepends that path. 4) Confirm you want a fail-closed workflow: the tool treats missing manifest/lockfiles/persistence signals as FAIL by design. 5) If you need offline/no-network guarantees, ensure trufflehog/semgrep are run with update checks disabled (the repo notes this) and review semgrep/trufflehog versions before trusting results. 6) If you are uncertain, run the scripts manually on a copy and review the produced JSON before integrating into automated install/promotion flows.

Like a lobster shell, security has layers — review code before you run it.

auditvk975kt5296j50509q3q72s7gs980bbwkclawhubvk975kt5296j50509q3q72s7gs980bbwkdevsecopsvk975kt5296j50509q3q72s7gs980bbwklatestvk975kt5296j50509q3q72s7gs980bbwkopenclawvk975kt5296j50509q3q72s7gs980bbwkprompt-injectionvk975kt5296j50509q3q72s7gs980bbwksecurityvk975kt5296j50509q3q72s7gs980bbwksemgrepvk975kt5296j50509q3q72s7gs980bbwksupply-chainvk975kt5296j50509q3q72s7gs980bbwktrufflehogvk975kt5296j50509q3q72s7gs980bbwk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛡️ Clawdis
Binsjq, trufflehog, semgrep, python3

Install

Install jq (brew)
Bins: jq
brew install jq
Install trufflehog (brew)
Bins: trufflehog
brew install trufflehog
Install semgrep (brew)
Bins: semgrep
brew install semgrep

Comments