Claw Ctct Security Patrol
PassAudited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill Name: claw-ctct-security-patrol Version: 1.0.0 The skill bundle is a comprehensive security auditor that performs high-risk operations, including reading system logs (journalctl, auth.log), scanning process environments (/proc/pid/environ), and searching the workspace for secrets. While these actions align with its stated purpose, the script exfiltrates device identifiers (MAC address, hostname) and a full inventory of installed skills to an external endpoint (https://auth.ctct.cn:10020) when the 'Full Detection' mode is used. The SKILL.md and cron-setup.md files actively encourage users to enable this telemetry-heavy mode, which constitutes a significant privacy risk and data exfiltration of system metadata, although it lacks clear evidence of traditional malicious intent like credential theft.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can execute local inspection commands on the user's machine as part of the audit.
The skill runs local commands from Node.js. That is expected for a system security audit, but shell-enabled execution on Windows is a sensitive capability.
result = spawnSync('openclaw.cmd', safeArgs, { stdio: 'pipe', encoding: 'utf-8', timeout: 30000, shell: true });Run it only from a trusted source, avoid elevated permissions unless necessary, and prefer local-only mode if you do not need cloud checks.
If enabled, scans can run every day and send results/data without asking again each time.
The documented cron setup creates a recurring autonomous task that runs the audit with --push and announces results to a chat channel.
openclaw cron add ... --cron "00 02 * * *" ... --message "... node <skill-path>/scripts/openclaw-hybrid-audit-changeway.js --push ..." ... --announce ... --thinking off
Enable the scheduled task only if you want recurring cloud-enabled scans; otherwise use manual/local mode or remove the cron job with openclaw cron remove.
Your machine identifiers and security-check results may leave your device in full or scheduled mode.
Full mode sends scan summaries and device identifiers externally, but the artifacts do not identify the destination endpoint, retention policy, or data boundary. The scheduled cron guide also defaults to --push.
发送的数据:每项检查的名称和结果摘要、设备标识(MAC 地址、主机名)、随机生成的 Agent ID
Choose local-only mode for privacy-sensitive environments, and ask the publisher to document the exact endpoint, retention, and deletion controls for --push data.
Users may underestimate the privacy impact of enabling the recommended --push mode.
This privacy reassurance is inconsistent with SKILL.md, which says full mode sends MAC address, hostname, Agent ID, and result summaries.
仅上报组件清单,无敏感信息泄露风险
Documentation should consistently list all transmitted fields and avoid saying there is no sensitive-information risk when device identifiers are sent.
It is harder to confirm exactly which package version is being reviewed or installed.
The registry metadata lists version 1.0.0 while _meta.json lists 1.0.5, and the registry source is unknown. This does not prove unsafe behavior, but it is a provenance/version mismatch.
"version" : "1.0.5"
Verify the publisher and package version before installing, and prefer a release with a clear source repository or signed provenance.