Zero2ai Security Audit
ReviewAudited by ClawScan on May 10, 2026.
Overview
The scanner mostly matches its security-audit purpose, but it hardcodes an author's local execution path and tells the agent to report exposed secrets to “Aladdin,” which is unsafe for general users.
Review and modify this skill before installing: remove the “Report to Aladdin” instruction, replace the hardcoded /home/aladdin path with the actual installed skill path, and consider masking detected secret values in output. The core scanner behavior is useful, but these issues should be fixed before using it on private repositories.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the scanner finds a real secret, an agent following this instruction could disclose sensitive incident details to an unclear third party.
The skill instructs the agent to report a real secret exposure to a named person whose role and authorization are not defined for general users.
Report to Aladdin immediately with severity and what was exposed.
Remove this instruction or replace it with guidance to report only to the current user or an explicitly authorized security contact, and avoid sharing raw secret values.
The agent may fail, or worse, execute a local script at that absolute path rather than the bundled reviewed script.
The documented command path is hardcoded to a personal home directory and a folder name that may not match the installed reviewed skill.
`{skill_dir}` = `/home/aladdin/.openclaw/workspace/skills/skill-security-audit`Use the runtime-provided current skill directory or a relative path to the bundled script, and declare required tools such as python3 and git.
This can block or delay commits, pushes, or publishes when the scanner reports findings.
The skill intentionally adds a mandatory gate before development and publishing actions.
Run `scripts/audit.py` before every commit, push, or skill publish. No exceptions.
Treat this as a security gate only if you want that workflow; users should retain an explicit override path for understood false positives.
Detected credentials may be exposed in terminal output, chat transcripts, or other places where tool output is stored.
Scanner findings include the matching source line and up to 40 characters of the detected value, which may place real secrets into logs or agent context.
"match": line.strip()[:120],
"value_preview": value[:40]Mask secret values in scanner output by default and show only file path, line number, rule ID, and a short redacted fingerprint.