openclaw-ref Security Report — Trusted | ClawSafe

0 /100

openclaw-ref

OpenClaw platform reference - plugin system, extensions, configuration, boot/provisioning, channels, models, CLI

This is a pure documentation/reference skill containing only Markdown files describing the OpenClaw platform. No executable code, scripts, dependencies, or dangerous patterns are present.

Skill Nameopenclaw-ref

Duration27.9s

Enginepi

✓

Safe to install

This skill is safe to use. No security concerns identified.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`READ`	✓ Aligned	Markdown files contain only read-only reference documentation
Network	`NONE`	`NONE`	—	No network calls; example URLs are generic documentation placeholders
Shell	`NONE`	`NONE`	—	No shell scripts or command execution found
Environment	`NONE`	`NONE`	—	No environment variable access or iteration
Skill Invoke	`READ`	`READ`	✓ Aligned	SKILL.md explicitly grants read-only reference access to platform documentation
Clipboard	`NONE`	`NONE`	—	No clipboard access patterns
Browser	`NONE`	`NONE`	—	No browser automation or interaction
Database	`NONE`	`NONE`	—	No database access or queries

3 findings

🔗

Medium External URL 外部 URL

https://www.apache.org/licenses/

LICENSE.txt:3

🔗

Medium External URL 外部 URL

https://api.provider.com/v1

references/models-providers.md:12

🔗

Medium External URL 外部 URL

https://instance.agentbox.ai/v1

references/models-providers.md:104

File Tree

9 files · 184.6 KB · 3662 lines

Markdown 8f · 3500L Text 1f · 162L

├─ ▾ 📁 references

│ ├─ 📝 boot-provisioning.md Markdown 521L · 25.3 KB

│ ├─ 📝 channels-extensions.md Markdown 351L · 20.4 KB

│ ├─ 📝 cli-commands.md Markdown 404L · 20.1 KB

│ ├─ 📝 configuration.md Markdown 692L · 28.5 KB

│ ├─ 📝 github-context.md Markdown 448L · 32.7 KB

│ ├─ 📝 models-providers.md Markdown 333L · 14.8 KB

│ └─ 📝 plugin-system.md Markdown 672L · 29.6 KB

├─ 📄 LICENSE.txt Text 162L · 8.9 KB

└─ 📝 SKILL.md Markdown 79L · 4.4 KB

Security Positives

✓ Pure documentation/reference skill with no executable code

✓ All content is Markdown - no scripts, binaries, or compiled code

✓ No external resource fetches or network dependencies

✓ No credential harvesting or sensitive path access

✓ No obfuscation techniques (base64, eval, etc.)

✓ License file present (Apache 2.0) with standard attribution

✓ Documentation is well-structured with version tracking (2026.4.1)

✓ Pre-scan identified no sensitive files, binary files, or IOC threats

✓ Example URLs in documentation are generic placeholders (api.provider.com, instance.agentbox.ai) not pointing to malicious infrastructure

Scan Report

File Tree

Security Positives