OS Activity
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is coherent and does not show exfiltration, but it gives the agent broad visibility into recent files, directories, installed programs, and process command lines with limited scoping or redaction.
Install only if you are comfortable with OpenClaw seeing local activity such as recent file paths, recently opened folders, installed programs, and process command lines. Run the commands intentionally, review outputs before reuse, and consider adding filters or redaction for sensitive paths and command-line arguments.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may see sensitive details about what is running on the computer and how those programs were launched.
The skill collects full command lines and current working directories for all running processes; these fields can contain private project paths, URLs, arguments, or secrets and are intended to be returned to OpenClaw for personalization.
SELECT pid, name, parent, path, start_time, cmdline, cwd, user_time, system_time, percent_processor_time FROM processes ORDER BY pid;
Only run this when needed, and prefer adding redaction or filters for command-line arguments and working directories before exposing results to the agent.
The agent could learn a broad history of recently opened folders, including private, work, or sensitive locations.
The osquery command pulls up to 1000 recent directory artifacts without a user-selectable path scope, allowlist, or exclusion list.
SELECT source, path, accessed_time, created_time, modified_time FROM shellbags ORDER BY accessed_time DESC LIMIT 1000;
Add explicit confirmation and narrow scoping controls, such as limiting queries to user-approved folders or reducing returned fields and row counts.
Installation adds a local system-inspection tool that the skill scripts later execute.
The install helper downloads an external osquery release and includes checksum verification data. This is purpose-aligned, but users should notice that installing the skill involves adding a third-party executable.
BASE_URL = f"https://github.com/osquery/osquery/releases/download/{VERSION}" ... CHECKSUMS = {Verify the osquery source and checksum before installing, and keep the downloaded binary updated from the official project.