claude-code-openclaw Security Report — Low Risk | ClawSafe

15 /100

claude-code-openclaw

Delegate implementation, review, and official BMad agent-driven workflows to local Claude Code

This is a legitimate Claude Code orchestration skill that invokes Claude CLI via subprocess/pexpect. No malicious behavior detected—shell execution is declared in SKILL.md, no credential theft, no obfuscation, no external data exfiltration beyond standard messaging.

Skill Nameclaude-code-openclaw

Duration90.8s

Enginepi

✓

Safe to install

Safe to use. Monitor usage of bypassPermissions profile when untrusted workflows are involved. Consider using 'default-safe' profile for sensitive environments.

Findings 2 items

Severity	Finding	Location
Low	bypassPermissions Default May Amplify Risk Priv Escalation The default permission mode in run_bmad_persona.py and run_claude_task.sh is 'bypassPermissions', which auto-approves all Claude Code operations. This is intentional for automation but could amplify impact if a malicious workflow is injected. `ap.add_argument('--permission-mode', default='bypassPermissions')` → Use 'default-safe' profile (acceptEdits mode) for untrusted workflows. Document this risk in SKILL.md.	`scripts/run_bmad_persona.py:300`
Low	Hook Installation Modifies Claude Settings Doc Mismatch install_claude_hooks.py modifies .claude/settings.local.json to install event hooks. This is not prominently declared in SKILL.md. `Install compact Claude event hooks into a repo's .claude/settings.local.json` → Add hook installation to SKILL.md resource declarations.	`scripts/install_claude_hooks.py:1`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`WRITE`	`WRITE`	✓ Aligned	State files, checkpoints, transcripts written to .claude/orchestrator/
Shell	`WRITE`	`WRITE`	✓ Aligned	claude_orchestrator.py:line 389-398 spawns Claude via pexpect; run_claude_task.s…
Network	`READ`	`READ`	✓ Aligned	External communication only via openclaw binary for messaging (claude_dispatch_u…
Environment	`READ`	`READ`	✓ Aligned	Environment passed through to Claude via build_child_env() (claude_orchestrator.…
Browser	`NONE`	`NONE`	—	N/A
Skill Invoke	`READ`	`READ`	✓ Aligned	Invokes Claude Code workflows as documented in SKILL.md

17 findings

🔗

Medium External URL 外部 URL

https://code.claude.com/docs/llms.txt

references/claude-code-doc-map.md:3

🔗

Medium External URL 外部 URL

https://code.claude.com/docs/en/overview.md

references/claude-code-doc-map.md:7

🔗

Medium External URL 外部 URL

https://code.claude.com/docs/en/quickstart.md

references/claude-code-doc-map.md:8

🔗

Medium External URL 外部 URL

https://code.claude.com/docs/en/how-claude-code-works.md

references/claude-code-doc-map.md:9

🔗

Medium External URL 外部 URL

https://code.claude.com/docs/en/best-practices.md

references/claude-code-doc-map.md:10

🔗

Medium External URL 外部 URL

https://code.claude.com/docs/en/cli-reference.md

references/claude-code-doc-map.md:14

🔗

Medium External URL 外部 URL

https://code.claude.com/docs/en/settings.md

references/claude-code-doc-map.md:15

🔗

Medium External URL 外部 URL

https://code.claude.com/docs/en/permissions.md

references/claude-code-doc-map.md:16

🔗

Medium External URL 外部 URL

https://code.claude.com/docs/en/model-config.md

references/claude-code-doc-map.md:17

🔗

Medium External URL 外部 URL

https://code.claude.com/docs/en/troubleshooting.md

references/claude-code-doc-map.md:18

🔗

Medium External URL 外部 URL

https://code.claude.com/docs/en/skills.md

references/claude-code-doc-map.md:22

🔗

Medium External URL 外部 URL

https://code.claude.com/docs/en/hooks.md

references/claude-code-doc-map.md:23

🔗

Medium External URL 外部 URL

https://code.claude.com/docs/en/hooks-guide.md

references/claude-code-doc-map.md:24

🔗

Medium External URL 外部 URL

https://code.claude.com/docs/en/mcp.md

references/claude-code-doc-map.md:25

🔗

Medium External URL 外部 URL

https://code.claude.com/docs/en/sub-agents.md

references/claude-code-doc-map.md:26

🔗

Medium External URL 外部 URL

https://code.claude.com/docs/en/plugins.md

references/claude-code-doc-map.md:27

🔗

Medium External URL 外部 URL

https://code.claude.com/docs/en/plugins-reference.md

references/claude-code-doc-map.md:28

File Tree

35 files · 185.3 KB · 5403 lines

Python 21f · 3790L Markdown 12f · 1348L Shell 1f · 203L YAML 1f · 62L

├─ ▾ 📁 references

│ ├─ 📝 bmad-agent-trigger-cheatsheet.md Markdown 96L · 1.9 KB

│ ├─ 📝 bmad-method-integration.md Markdown 126L · 3.4 KB

│ ├─ 📝 bmad-minimal-operator-flow.md Markdown 56L · 1.1 KB

│ ├─ 📝 bmad-prompt-templates.md Markdown 405L · 8.2 KB

│ ├─ 📝 bmad-v6-agent-workflow-map.md Markdown 93L · 1.8 KB

│ ├─ 📝 claude-code-doc-map.md Markdown 36L · 1.4 KB

│ ├─ 📝 claude-orchestration-control-plane.md Markdown 60L · 2.2 KB

│ ├─ 📝 claude-orchestrator-ops.md Markdown 104L · 2.0 KB

│ ├─ 📋 claude-orchestrator-profiles.yaml YAML 62L · 1.4 KB

│ ├─ 🔑 low-token-feedback-flow.md ⚠ Markdown 33L · 1.1 KB

│ ├─ 📝 spec-driven-workflow.md Markdown 103L · 2.2 KB

│ └─ 📝 telegram-progress-notify.md Markdown 26L · 623 B

├─ ▾ 📁 scripts

│ ├─ ▾ 📁 dev

│ │ ├─ 🐍 __init__.py Python 0 B

│ │ ├─ 🐍 claude_acceptance_check.py Python 144L · 4.3 KB

│ │ ├─ 🐍 claude_event_summary.py Python 88L · 2.8 KB

│ │ └─ 🐍 claude_v2_smoke.py Python 177L · 6.8 KB

│ ├─ ▾ 📁 ops

│ │ ├─ 🐍 __init__.py Python 0 B

│ │ ├─ 🐍 claude_latest_run_report.py Python 104L · 3.5 KB

│ │ ├─ 🐍 claude_reconcile_runs.py Python 44L · 1.5 KB

│ │ ├─ 🐍 claude_recover_run.py Python 78L · 2.2 KB

│ │ ├─ 🐍 claude_run_report.py Python 115L · 4.5 KB

│ │ └─ 🐍 claude_user_update.py Python 120L · 4.1 KB

│ ├─ 🐍 claude_artifact_probe.py Python 220L · 7.8 KB

│ ├─ 🐍 claude_checkpoint.py Python 142L · 4.3 KB

│ ├─ 🐍 claude_code_run.py Python 239L · 8.8 KB

│ ├─ 🐍 claude_dispatch_update.py Python 69L · 1.9 KB

│ ├─ 🐍 claude_hook_event_logger.py Python 132L · 4.8 KB

│ ├─ 🐍 claude_orchestrator.py Python 1063L · 50.6 KB

│ ├─ 🐍 claude_run_registry.py Python 181L · 6.1 KB

│ ├─ 🐍 claude_watchdog.py Python 205L · 7.6 KB

│ ├─ 🐍 claude_workflow_adapter.py Python 210L · 7.9 KB

│ ├─ 🐍 install_claude_hooks.py Python 105L · 3.3 KB

│ ├─ 🐍 run_bmad_persona.py Python 354L · 12.9 KB

│ └─ 🔧 run_claude_task.sh Shell 203L · 5.2 KB

└─ 📝 SKILL.md Markdown 210L · 7.1 KB

Dependencies 2 items

Package	Version	Source	Known Vulns	Notes
`pexpect`	`*`	pip	No	Used for Claude Code process spawning—standard automation library
`pyyaml`	`*`	pip	No	YAML profile parsing

Security Positives

✓ No base64, eval(), or obfuscation patterns found

✓ No credential theft (no access to ~/.ssh, ~/.aws, .env)

✓ No external HTTP requests except via openclaw messaging binary

✓ No data exfiltration or C2 communication

✓ Shell execution is the declared core function (not hidden)

✓ Uses standard libraries (pexpect, yaml, json) with no supply chain risks

✓ Well-structured orchestrator with watchdog and checkpoint mechanisms

✓ Clear execution paths documented in SKILL.md

Scan Report

Findings 2 items

File Tree

Dependencies 2 items

Security Positives