Security Audit Enhanced
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: security-audit-enhanced
Version: 1.0.0
This skill bundle provides an 'Enhanced Security Audit Framework' designed to scan AI agent configurations for security vulnerabilities. The `SKILL.md` documentation clearly outlines its purpose and usage, including checks for gateway exposure, credential security, and file permissions. The Python scripts (`audit.py`, `check_permissions.py`, `generate_report.py`) primarily read configuration files (`~/.clawdbot/clawdbot.json`), check file permissions using `stat` and `ls`, and generate reports. The `check_permissions.py` script can modify file permissions using `os.chmod` when explicitly invoked with `--fix`, but its stated intent is to *tighten* permissions to more secure values (e.g., `700` for directories, `600` for files). There is no evidence of data exfiltration, unauthorized remote execution, persistence mechanisms, or prompt injection attempts designed to subvert the agent's intended behavior. All actions are transparently aligned with the stated goal of a security audit and hardening tool.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may report on sensitive local agent configuration, credential file names, and permission settings.
The audit script deliberately inspects local agent configuration and credential-related directories. That is expected for the stated security-audit purpose, but these locations can reveal sensitive account or agent setup details.
CONFIG_PATHS = [Path.home() / ".clawdbot" / "clawdbot.json", ...]
CREDENTIALS_PATHS = [Path.home() / ".clawdbot" / "credentials", Path.home() / ".clawdbot" / "agents"]
Run it only in environments where you are comfortable exposing configuration paths and security findings to the agent/session, and review generated reports before sharing them.
If invoked with a broad or incorrect path, it could change permissions on more files than intended.
The helper can recursively change permissions for a user-supplied path when --fix is used. This is purpose-aligned for remediation, but it is a local mutation capability.
parser.add_argument("--fix", action="store_true", help="Fix permissions automatically") ... os.chmod(item_path, expected)
Run the audit/check mode first, confirm the target path is narrow and correct, and only then use --fix if you want those permission changes.
Opening a generated HTML report from untrusted input could expose the user to browser-side script execution.
The HTML report generator inserts finding and recommendation text into HTML without visible escaping. If the input JSON or audited values were untrusted or tampered with, active HTML/script content could be rendered when the report is opened.
<p class="finding-text">{finding.get("finding", "")}</p>
<strong>Fix:</strong> {finding.get("recommendation", "")}
Generate reports only from trusted audit output, and escape HTML fields before rendering if this tool will process shared or untrusted JSON reports.
Users may need to verify where the scripts are installed and ensure they are running the reviewed files.
The artifacts include runnable scripts, while the skill has no explicit install specification and the documentation references running scripts from ~/.security-audit. This is a packaging clarity/provenance note, not evidence of malicious behavior.
No install spec — this is an instruction-only skill.
Install from the registry or a trusted checkout, and verify the script path before running commands from the documentation.
