openclaw-security-hardening Security Report — Trusted | ClawSafe

5 /100

openclaw-security-hardening

Complete OpenClaw Agent Security Hardening - Protects against data leaks (storage security) and prompt injection (runtime security)

Legitimate OpenClaw security hardening skill with defensive shell commands properly documented in SKILL.md; the pre-scan flagged rm commands are in-code examples of dangerous patterns to avoid, not actual execution payloads.

Skill Nameopenclaw-security-hardening

Duration43.5s

Enginepi

✓

Safe to install

No action needed. This skill can be used as-is.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`READ`	✓ Aligned	SKILL.md documents read-only operations: stat, grep -l for file checks
Shell	`WRITE`	`WRITE`	✓ Aligned	SKILL.md explicitly declares chmod, git commands, security-check.sh as core func…
Environment	`NONE`	`NONE`	—	Skill references .env files but does not iterate os.environ or harvest secrets
Network	`NONE`	`NONE`	—	No network calls; external URLs in documentation are references only
Skill Invoke	`READ`	`READ`	✓ Aligned	Core purpose: runtime security checks for other skills
Clipboard	`NONE`	`NONE`	—	Not accessed
Browser	`NONE`	`NONE`	—	Not accessed
Database	`NONE`	`NONE`	—	Not accessed

2 Critical 7 findings

💀

Critical Dangerous Command 危险 Shell 命令

rm -rf /

SKILL.md:345

💀

Critical Dangerous Command 危险 Shell 命令

rm -rf ~

SKILL.md:360

🔗

Medium External URL 外部 URL

https://semver.org/

CHANGELOG.md:103

🔗

Medium External URL 外部 URL

https://your-api-endpoint-here

SKILL.md:96

🔗

Medium External URL 外部 URL

https://docs.openclaw.ai/security

SKILL.md:650

🔗

Medium External URL 外部 URL

https://www.gnupg.org/gph/en/manual.html

SKILL.md:651

🔗

Medium External URL 外部 URL

https://clawhub.com

tests/pre-submit-check.sh:112

File Tree

6 files · 34.9 KB · 1492 lines

Markdown 4f · 1167L Shell 2f · 325L

├─ ▾ 📁 examples

│ └─ 📝 SOUL-config-example.md Markdown 170L · 3.4 KB

├─ ▾ 📁 tests

│ ├─ 🔧 pre-submit-check.sh Shell 121L · 3.0 KB

│ └─ 🔧 security-test.sh Shell 204L · 5.5 KB

├─ 📝 CHANGELOG.md Markdown 146L · 3.9 KB

├─ 📝 README.md Markdown 159L · 3.2 KB

└─ 📝 SKILL.md Markdown 692L · 15.9 KB

Security Positives

✓ Defensive security tool with no offensive capabilities

✓ All shell commands are clearly documented with purpose and context

✓ Content vs Intent detection framework prevents accidental command execution

✓ Crontab entry is optional, user-initiated, and clearly labeled for monitoring only

✓ pre-submit-check.sh actively scans for real API keys before submission

✓ No third-party dependencies; uses only standard Unix tools

✓ No network egress or data exfiltration paths

✓ Sensitive data handling (.env isolation) is a security best practice

✓ skill_invoke is the declared primary resource — consistent with being a meta-security skill

Scan Report

File Tree

Security Positives