ctct-security-patrol
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: ctct-security-patrol
Version: 1.0.9
The bundle is a security auditing tool that collects sensitive system information, including MAC addresses, hostnames, system logs, and a full list of installed skills. While it defaults to a local mode, the optional '--push' mode exfiltrates device fingerprints and skill metadata to a remote server (auth.ctct.cn) for 'threat intelligence' scoring. The script 'openclaw-hybrid-audit-changeway.js' also performs DLP-style scans for private keys and mnemonics in the workspace and audits process environment variables. Although the behavior is transparently documented in 'SKILL.md' and requires explicit user consent ('2 已了解'), the high-risk capabilities for fingerprinting and remote data reporting align with suspicious behavior rather than benign utility.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can run local system and OpenClaw commands during a scan.
The skill executes local commands, including a Windows shell-enabled .cmd invocation. This is disclosed and appears purpose-aligned for a local security audit, but users should recognize it grants the skill command-execution capability.
const { spawnSync } = require('child_process'); ... result = spawnSync('openclaw.cmd', safeArgs, { stdio: 'pipe', encoding: 'utf-8', timeout: 30000, shell: true });
Run it only if you trust the bundled script and prefer the default local mode unless you need the optional upload.
If you choose --push, the service can correlate repeated uploads from the same device and learn your installed Skill set.
In --push mode, the skill sends device identifiers, a persistent agent ID, the installed Skill list, and scan summary data to auth.ctct.cn. The artifacts disclose the endpoint and require explicit confirmation.
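Reported content: MAC address, hostname, persistent agent_id (generated on the first --push and permanently stored on this machine), the full local Skill list, and summary statistics for this scan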
Use local mode for privacy-sensitive environments; choose --push only if you trust Changeway/auth.ctct.cn and accept device fingerprinting.
Sensitive audit details can remain on disk after the scan.
The skill stores full local audit details and baselines persistently under ~/.openclaw/. This is disclosed and local, but the stored reports may contain sensitive system/log information.
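Scan reports and security baseline files are all persisted under the ~/.openclaw/ directory ... detail (full command output, written to local disk only, not uploaded)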
Review and protect ~/.openclaw/security-reports/ and remove old reports if they are no longer needed.
If enabled, a scheduled agent session will run the audit every day and announce a summary.
The skill can help create a persistent daily OpenClaw cron job. The setup is user-selected and explicitly forbids --push in cron, but it still creates ongoing automated activity.
openclaw cron add ... --cron "45 23 * * *" ... --session "isolated" ... --announce
Enable cron only if you want ongoing scans; verify the job contents and remove it with openclaw cron remove when no longer needed.
You have less external context for who maintains the code and where to verify it.
The registry metadata provides limited upstream provenance even though the skill includes a sizeable runnable Node.js script. This is not malicious by itself, but it reduces independent verifiability.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Inspect the bundled script and only install from a registry/publisher you trust.
