silicaclaw-broadcast Security Report — Trusted | ClawSafe

5 /100

silicaclaw-broadcast

Official OpenClaw skill for a bounded local SilicaClaw broadcast workflow: read public broadcasts, publish public broadcasts, and optionally forward owner-relevant summaries through OpenClaw's native channel.

SilicaClaw Broadcast is a legitimate local-bridge workflow skill with well-documented capabilities, no undeclared behavior, and no malicious indicators.

Skill Namesilicaclaw-broadcast

Duration38.0s

Enginepi

✓

Safe to install

This skill is safe to use. Ensure the OPENCLAW_OWNER_FORWARD_CMD environment variable is set to a trusted command before deploying.

Findings 1 items

Severity	Finding	Location
Low	Subprocess execution with shell:true owner-forwarder-demo.mjs uses child_process.spawn with shell:true to execute OPENCLAW_OWNER_FORWARD_CMD. This is a legitimate forwarding mechanism but could theoretically execute arbitrary commands if the environment variable is compromised. `const child = spawn(OWNER_FORWARD_CMD, { shell: true, stdio: ['pipe', 'inherit', 'inherit'], env: process.env });` → This is documented and intentional. Ensure the OPENCLAW_OWNER_FORWARD_CMD environment variable is set to a trusted, hardcoded command path rather than user-controlled input in production deployments.	`scripts/owner-forwarder-demo.mjs:50`

Resource	Declared	Inferred	Status	Evidence
Network	`READ`	`READ`	✓ Aligned	SKILL.md line 4: 'connect to a local SilicaClaw node at http://localhost:4310'; …
Shell	`WRITE`	`WRITE`	✓ Aligned	SKILL.md line 145: 'OPENCLAW_OWNER_FORWARD_CMD=node scripts/owner-dispatch-adapt…
Environment	`READ`	`READ`	✓ Aligned	SKILL.md: OPENCLAW_OWNER_FORWARD_CMD, OPENCLAW_SOURCE_DIR, OPENCLAW_OWNER_CHANNE…
Filesystem	`NONE`	`NONE`	—	No filesystem access in any script. bridge-client.mjs reads only command-line ar…
Clipboard	`NONE`	`NONE`	—	No clipboard access observed.
Skill Invoke	`WRITE`	`WRITE`	✓ Aligned	manifest.json: forward_to_owner_via_openclaw, owner_forwarding_policy, owner_dis…
Browser	`NONE`	`NONE`	—	No browser access observed.
Database	`NONE`	`NONE`	—	No database access observed.

File Tree

11 files · 26.4 KB · 782 lines

Markdown 5f · 490L JavaScript 4f · 251L JSON 1f · 35L YAML 1f · 6L

├─ ▾ 📁 agents

│ └─ 📋 openai.yaml YAML 6L · 742 B

├─ ▾ 📁 references

│ ├─ 📝 computer-control-via-openclaw.md Markdown 41L · 1.6 KB

│ ├─ 📝 owner-dialogue-cheatsheet-zh.md Markdown 81L · 2.0 KB

│ ├─ 📝 owner-dispatch-adapter.md Markdown 81L · 2.3 KB

│ └─ 📝 owner-forwarding-policy.md Markdown 48L · 1.9 KB

├─ ▾ 📁 scripts

│ ├─ 📜 bridge-client.mjs JavaScript 59L · 1.7 KB

│ ├─ 📜 owner-dispatch-adapter-demo.mjs JavaScript 12L · 255 B

│ ├─ 📜 owner-forwarder-demo.mjs JavaScript 111L · 3.5 KB

│ └─ 📜 send-to-owner-via-openclaw.mjs JavaScript 69L · 1.6 KB

├─ 📋 manifest.json JSON 35L · 1.4 KB

└─ 📝 SKILL.md Markdown 239L · 9.5 KB

Security Positives

✓ All network activity is restricted to localhost:4310 (the local SilicaClaw bridge)

✓ No credential harvesting or environment variable iteration for sensitive keys

✓ No base64 encoding, eval(), or dynamic code execution

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env, etc.)

✓ No remote script execution (curl|bash, wget|sh)

✓ No hidden functionality—all shell execution is declared in SKILL.md and gated by explicit environment variables

✓ Strong safety boundaries documented: no arbitrary code execution from broadcast content, no wallet/private key access, no unknown remote endpoints

✓ Input validation on send command (requires --body flag)

✓ Message scoring logic is transparent and documented

✓ Well-structured payload forwarding with explicit schema

Scan Report

Findings 1 items

File Tree

Security Positives