Low Risk — Risk Score 20/100
Last scan: 1 day ago
Config Tracker
Automatically tracks and commits changes to OpenClaw configuration files and key markdown files
A legitimate OpenClaw configuration tracking plugin that uses undeclared shell execution for git operations, but lacks malicious intent or data exfiltration behavior.
Skill Name: Config Tracker
Duration: 49.8s
Engine: pi
Safe to install
Add explicit allowed-tools declaration in SKILL.md listing shell:WRITE for git operations. Consider documenting the shell dependency to reduce ambiguity.

Findings 2 items

Severity: Low
Finding: Undeclared shell execution capability (Doc Mismatch)
SKILL.md does not declare the use of spawnSync for executing git commands. This is necessary for the stated functionality but violates transparency requirements.
Code: const result = spawnSync('git', [...configArgs, ...args], {...})
Recommendation: Add 'allowed-tools: Bash→shell:WRITE' to SKILL.md to declare git command execution capability
Location: config-tracker.js:100

Severity: Low
Finding: Accesses potentially sensitive config file (Sensitive Access)
The plugin reads ~/.openclaw/openclaw.json, which may contain API keys and provider configurations. However, the code only tracks changes via git; it does not extract credentials.
Code: const openclawConfigPath = expandTilde(this.config.openclawConfig);
Recommendation: Document that the skill accesses openclaw.json for change tracking purposes only
Location: config-tracker.js:228
Resource | Declared | Inferred | Status | Evidence
Filesystem | NONE | READ | ✓ Aligned | config-tracker.js:228 - reads openclaw.json and workspace files without declarat…
Shell | NONE | WRITE | ✗ Violation | config-tracker.js:100 - spawnSync('git', ...) executes shell commands without de…
Network | NONE | NONE | | No network operations observed
Environment | NONE | READ | ✓ Aligned | config-tracker.js:94 - copies process.env but only for git execution, not creden…
1 finding
Medium External URL
https://openclaw.ai/schemas/plugin-manifest.v1.json
openclaw.plugin.json:2

File Tree

6 files · 16.6 KB · 559 lines
JavaScript: 2 files, 397 lines · JSON: 3 files, 97 lines · Markdown: 1 file, 65 lines
├─ 📜 config-tracker.js JavaScript 387L · 12.0 KB
├─ 📜 index.js JavaScript 10L · 168 B
├─ 📋 openclaw.plugin.json JSON 69L · 1.7 KB
├─ 📋 package.json JSON 17L · 388 B
├─ 📋 plugin.json JSON 11L · 273 B
└─ 📝 SKILL.md Markdown 65L · 2.1 KB

Dependencies 4 items

Package | Version | Source | Known Vulns | Notes
node:fs/promises | builtin | node | No | Node.js built-in module
node:path | builtin | node | No | Node.js built-in module
node:os | builtin | node | No | Node.js built-in module
node:child_process | builtin | node | No | Node.js built-in module - spawnSync used for git

Security Positives

✓ No credential harvesting - process.env is only copied for git execution environment, not for extracting secrets
✓ No network exfiltration - all operations are local git commits
✓ No obfuscation or encoded payloads
✓ Git operations are scoped to specific tracked files, not broad repository scanning
✓ Uses spawnSync (synchronous) rather than exec for controlled execution
✓ Includes 5-second cooldown to prevent rapid-fire commits
✓ No remote script execution (curl|bash, wget|sh)
✓ Dependencies are minimal and pinned (only Node.js built-ins)