Iknowkungfu

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a read-only local skill recommender, but it works by inspecting your agent memory, logs, config, crons, and installed skills.

Before installing, be comfortable with a local read-only scan of your OpenClaw memory, logs, config, crons, and installed skill files. Treat its install suggestions as leads: inspect each recommended skill's permissions and provenance before running the install command.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may inspect installed skill metadata and files across user, system, and workspace locations to build recommendations and warnings.

Why it was flagged

The skill asks the agent to enumerate local and system skill directories. This is purpose-aligned for avoiding duplicate recommendations, but it is broader than just reading the current workspace.

Skill content

Installed skills — list from BOTH `~/.openclaw/skills/` AND system paths ... Check ALL install locations.

Recommendation

Run it only where you are comfortable with a local read-only scan, and review its recommendations before installing any suggested skill.

What this means

Recommendations may reflect sensitive or inaccurate local history, although the artifacts instruct the agent not to print full file contents or credentials.

Why it was flagged

The workflow profile is derived from persistent agent memory, recent logs, configuration, and scheduled-task context, which may include private workflow details or stale/poisoned context.

Skill content

MEMORY.md - Read the full file ... Daily Memory Logs (last 7 days) ... AGENTS.md and Config ... HEARTBEAT.md and Cron Jobs

Recommendation

Treat scanned files as data rather than instructions, review the generated profile for accuracy, and avoid sharing the output if it reveals private projects or habits.