openclaw-admin 安全扫描报告 — 可信 | ClawSafe

5 /100

openclaw-admin

Manage and inspect the OpenClaw multi-agent gateway — list agents, check model health, view routing rules, manage crons, inspect context budgets, and run system diagnostics

This is a read-only gateway management skill for inspecting OpenClaw multi-agent configuration with no security concerns.

技能名称openclaw-admin

分析耗时24.3s

引擎pi

✓

可以安装

No action needed. The skill is safe to use as documented.

安全发现 1 项

严重性	安全发现	位置
低危	Reference to non-existent script 文档欺骗 The 'Gateway Health Check (Full)' command references 'bash ./status.sh' but this script is not included in the skill package. `bash ./status.sh` → Include status.sh in the skill or update docs to reflect actual capabilities	`SKILL.md:119`

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`READ`	✓ 一致	SKILL.md - cat commands for JSON config files
命令执行	`READ`	`READ`	✓ 一致	SKILL.md - all commands are read-only (cat, python3 -c, echo, ls, wc)
网络访问	`NONE`	`NONE`	—	No network calls declared or observed
环境变量	`NONE`	`NONE`	—	No environment variable access detected
技能调用	`NONE`	`NONE`	—	No skill invocation observed
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser access
数据库	`NONE`	`NONE`	—	No database access

目录结构

1 文件 · 5.5 KB · 160 行

Markdown 1f · 160L

└─ 📝 SKILL.md Markdown 160L · 5.5 KB

安全亮点

✓ All operations are read-only queries against JSON config files

✓ Uses safe python3 json.load() for parsing, no eval() or shell injection vectors

✓ No credential or sensitive path access (no ~/.ssh, ~/.aws, .env)

✓ No network exfiltration or C2 communication

✓ No base64 encoding, obfuscation, or suspicious patterns

✓ Documentation clearly states read-only nature of operations

✓ Good rule: 'Never modify openclaw.json without explicit user approval'