Trusted — Risk Score 5/100
Last scan: 2 days ago
agent-config-validator
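OpenClaw Agent Configuration Validator — validates the consistency of openclaw.json with the agent directory structure, detects stale references, generates diagnostic reports, and supports safe automatic repair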
The agent-config-validator skill is a legitimate configuration validation tool for OpenClaw multi-agent systems with well-designed security mechanisms including default read-only mode, whitelist-based auto-repair, protected document safeguards, and automatic backups.
Skill Name: agent-config-validator
Duration: 42.2s
Engine: pi
Safe to install
This skill is safe to use. Its filesystem:WRITE permission is fully declared and scoped to openclaw.json auto-repair with a security whitelist. No action required.

Findings 3 items

Severity Finding Location
Low
Write access not reflected in pi allowed-tools mapping
SKILL.md clearly describes filesystem write operations (auto-repair, backups) but the pi allowed-tools mapping only declares filesystem:READ. This is a documentation/integration gap rather than a security issue.
filesystem:READ via Read tool; filesystem:WRITE for auto-repair is documented in SKILL.md but not in allowed-tools
→ Update the pi allowed-tools mapping to include filesystem:WRITE if this skill is deployed in a pi environment where auto-repair is intended to be used.
SKILL.md:1
Info
Hardcoded deleted agent pattern list
The code contains a hardcoded list of 'deleted agents' (zoro, sanji, luobing, qjoba, robin) used for pattern matching in documents. This is a non-security quirk specific to the demo dataset.
const deletedAgents = ['zoro', 'sanji', 'luobing', 'qjoba', 'robin'];
→ No action needed; this is a legitimate use case for a config validator targeting a specific multi-agent system.
src/validator.js:319
Info
Default path 'D:\OpenClaw' used as fallback
The detectOpenClawRoot() method defaults to 'D:\OpenClaw' if no config is found. This is a Windows-specific path used only for demo/test purposes and does not cause harm.
return 'D:\\OpenClaw';
→ No action needed; this is a standard defensive fallback for an environment-specific tool.
src/validator.js:68
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | WRITE | ✓ Aligned | SKILL.md declares read access for config checks; write access for auto-repair is… |
| Network | NONE | NONE | | No network calls in src/validator.js or test-skill.js |
| Shell | NONE | NONE | | No shell execution in validator.js; test-skill.js uses execSync only for local n… |
| Environment | NONE | NONE | | process.env.OPENCLAW_ROOT is read for path detection only; no iteration over env… |
| Clipboard | NONE | NONE | | No clipboard access |
| Browser | NONE | NONE | | No browser access |
| Database | NONE | NONE | | No database access |
1 finding
Info Email: email address
[email protected]
skills/agent-config-validator/package.json:16

File Tree

8 files · 65.0 KB · 2297 lines
Markdown 4f · 1312L JavaScript 2f · 919L JSON 2f · 66L
├─ 📁 skills
│ └─ 📁 agent-config-validator
│ ├─ 📋 package.json JSON 39L · 921 B
│ ├─ 📝 README.md Markdown 274L · 5.6 KB
│ └─ 📝 SKILL.md Markdown 382L · 9.6 KB
├─ 📁 src
│ └─ 📜 validator.js JavaScript 883L · 31.5 KB
├─ 📋 package.json JSON 27L · 657 B
├─ 📝 README-en.md Markdown 274L · 6.1 KB
├─ 📝 SKILL.md Markdown 382L · 9.6 KB
└─ 📜 test-skill.js JavaScript 36L · 1.0 KB

Dependencies 1 items

| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| none | N/A | package.json | No | No npm dependencies — uses only Node.js built-in modules (fs, path, readline, child_process for test only) |

Security Positives

✓ Default read-only mode — fix=false by default, never modifies anything without explicit opt-in
✓ Security whitelist (SAFE_TO_AUTO_FIX) restricts auto-repair to only 3 safe config paths
✓ Protected documents list (IDENTITY.md, SOUL.md, MEMORY.md, USER.md, HEARTBEAT.md, TOOLS.md) are explicitly protected from any auto-modification
✓ Automatic timestamped backups created before any config write
✓ Interactive confirmation required for sensitive changes (agents.list, models, channels, auth)
✓ No credential harvesting — process.env is used only for OPENCLAW_ROOT path detection
✓ No network calls or external communications of any kind
✓ No eval(), no base64 decoding, no obfuscated code
✓ No remote script execution (no curl|bash or wget|sh patterns)
✓ No dependencies in package.json — zero supply chain risk
✓ Dry-run mode available to preview changes before execution
✓ Comprehensive documentation that accurately reflects implementation