ctct-security-patrol
Pass
Audited by ClawScan on May 10, 2026.
Overview
This looks like a disclosed security-audit skill, but it is privacy-sensitive because it runs local system checks, stores reports, can create a scheduled scan, and can optionally upload device and Skill-list summaries.
Before installing, decide whether you trust the publisher and the bundled Node.js script. Use the default local mode if you do not want network upload. Choose --push only after accepting that MAC address, hostname, persistent agent_id, Skill list, and scan summaries go to auth.ctct.cn. Enable cron only if you want recurring local scans, and periodically review or delete stored reports under ~/.openclaw/.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can run local system and OpenClaw commands during a scan.
The skill executes local commands, including a Windows shell-enabled .cmd invocation. This is disclosed and appears purpose-aligned for a local security audit, but users should recognize it grants the skill command-execution capability.
const { spawnSync } = require('child_process'); ... result = spawnSync('openclaw.cmd', safeArgs, { stdio: 'pipe', encoding: 'utf-8', timeout: 30000, shell: true });
Run it only if you trust the bundled script, and prefer the default local mode unless you need the optional upload.
If you choose --push, the service can correlate repeated uploads from the same device and learn your installed Skill set.
In --push mode, the skill sends device identifiers, a persistent agent ID, the installed Skill list, and scan summary data to auth.ctct.cn. The artifacts disclose the endpoint and require explicit confirmation.
Reported content: MAC address, hostname, persistent agent_id (generated on the first --push and stored permanently on this machine), the complete Skill list of this machine, and summary statistics for this scan
Use local mode for privacy-sensitive environments; choose --push only if you trust Changeway/auth.ctct.cn and accept device fingerprinting.
Sensitive audit details can remain on disk after the scan.
The skill stores full local audit details and baselines persistently under ~/.openclaw/. This is disclosed and local, but the stored reports may contain sensitive system/log information.
Scan reports and security baseline files are both stored persistently under the ~/.openclaw/ directory ... detail (full command output, written to local disk only, not uploaded)
Review and protect ~/.openclaw/security-reports/ and remove old reports if they are no longer needed.
If enabled, a scheduled agent session will run the audit every day and announce a summary.
The skill can help create a persistent daily OpenClaw cron job. The setup is user-selected and explicitly forbids --push in cron, but it still creates ongoing automated activity.
openclaw cron add ... --cron "45 23 * * *" ... --session "isolated" ... --announce
Enable cron only if you want ongoing scans; verify the job contents and remove it with openclaw cron remove when no longer needed.
You have less external context for who maintains the code and where to verify it.
The registry metadata provides limited upstream provenance even though the skill includes a sizeable runnable Node.js script. This is not malicious by itself, but it reduces independent verifiability.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Inspect the bundled script and only install from a registry/publisher you trust.
