ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OC Full Ops Audit Recipe

v0.1.0

End-to-end OpenClaw audit and remediation recipe for gateway, channels, nodes, security, and memory sync.

0· 391·0 current·0 all-time
by@xyezir

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for xyezir/oc-full-ops-audit-recipe.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "OC Full Ops Audit Recipe" (xyezir/oc-full-ops-audit-recipe) from ClawHub.
Skill page: https://clawhub.ai/xyezir/oc-full-ops-audit-recipe
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install oc-full-ops-audit-recipe

ClawHub CLI

Package manager switcher

npx clawhub@latest install oc-full-ops-audit-recipe
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description describe an end-to-end audit recipe and the SKILL.md contains a concise, matching workflow (baseline, classify, apply fixes, re-check, document). There are no extra binaries, env vars, or installs that would be unexpected for this purpose.
Instruction Scope
The instructions are high-level and remain within the scope of an audit recipe. However, two steps need clarification: (1) 'Apply fixes in risk order with rollback points' implies performing potentially disruptive actions but provides no guardrails, required credentials, or explicit approval step; (2) 'Write outcomes to daily memory + shared memory' instructs persistence of results but does not define what memory stores are, retention, or redaction rules. Both are scope-expanding details that should be explicit.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — lowest-risk install profile. Nothing will be written or fetched by an installer during skill installation.
Credentials
The skill declares no required environment variables or credentials, which is consistent with a read-only audit. However, because it instructs applying fixes (which typically require elevated credentials) and writing results to shared memory, the absence of declared credential requirements is a gap — any implementation that actually performs fixes will need credentials that aren't described here.
Persistence & Privilege
always:false and user-invocable:true are appropriate. Still, the SKILL.md explicitly directs writing outcomes to persistent 'daily memory' and 'shared memory', which could cause retention of sensitive audit findings. Combine that with the platform's default autonomous invocation and you should confirm memory access controls, retention, and whether the skill will ask for explicit approval before making changes.
Assessment
This skill is a coherent, high-level audit recipe and appears benign, but it is intentionally vague about two important things: making changes and where results are stored. Before installing or running it, confirm: (1) where 'daily memory' and 'shared memory' live, who can read them, how long entries are retained, and whether outputs will be redacted to avoid leaking secrets; (2) that the agent will require and request explicit, itemized approval before performing any disruptive fixes, and that any credentials needed for remediation are managed and consented to separately; (3) that rollback points and verification steps are implemented so changes can be safely reverted. If you want a safer baseline, restrict this skill to read-only checks until remediation procedures, credential handling, and memory/retention policies are explicitly documented.

Like a lobster shell, security has layers — review code before you run it.

latestvk974jxjgkbrkkd8b45es66c4t5822tx8
391downloads
0stars
1versions
Updated 8h ago
v0.1.0
MIT-0
@xyezir
latest
Download

OC Full Ops Audit Recipe

Goal

Provide a repeatable audit workflow that ends with verified fixes and documented memory updates.

Audit flow

  1. Baseline: status/health/gateway/security/nodes.
  2. Classify findings: critical, warning, info.
  3. Apply fixes in risk order with rollback points.
  4. Re-run checks and compare deltas.
  5. Write outcomes to daily memory + shared memory.

Deliverables

  • Audit summary table
  • Fix actions and verification
  • Residual risks and priority plan

Usage notes

  • Prefer read-only checks first.
  • Group disruptive changes behind explicit approval.
  • Keep outputs concise and operational.

Comments

Loading comments...