Scan Report
5 /100
openclaw-admin
Manage and inspect the OpenClaw multi-agent gateway — list agents, check model health, view routing rules, manage crons, inspect context budgets, and run system diagnostics
This is a read-only gateway management skill for inspecting OpenClaw multi-agent configuration with no security concerns.
Safe to install
No action needed. The skill is safe to use as documented.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Low | Reference to non-existent script Doc Mismatch | SKILL.md:119 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | SKILL.md - cat commands for JSON config files |
| Shell | READ | READ | ✓ Aligned | SKILL.md - all commands are read-only (cat, python3 -c, echo, ls, wc) |
| Network | NONE | NONE | — | No network calls declared or observed |
| Environment | NONE | NONE | — | No environment variable access detected |
| Skill Invoke | NONE | NONE | — | No skill invocation observed |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser access |
| Database | NONE | NONE | — | No database access |
File Tree
1 files · 5.5 KB · 160 lines Markdown 1f · 160L
└─
SKILL.md
Markdown
Security Positives
✓ All operations are read-only queries against JSON config files
✓ Uses safe python3 json.load() for parsing, no eval() or shell injection vectors
✓ No credential or sensitive path access (no ~/.ssh, ~/.aws, .env)
✓ No network exfiltration or C2 communication
✓ No base64 encoding, obfuscation, or suspicious patterns
✓ Documentation clearly states read-only nature of operations
✓ Good rule: 'Never modify openclaw.json without explicit user approval'