Scan Report
15/100
openclaw-security-policy-check
OpenClaw gateway security automated audit and configuration check tool
Security audit tool that reads OpenClaw config and runs CLI checks; legitimate security tool with no malicious behavior, though it accesses sensitive paths.
Safe to install
Skill is safe to use. The execSync usage is declared and limited to running the official openclaw CLI. Consider adding explicit filesystem:READ and shell:READ permission declarations in SKILL.md.
Findings 2 items
| Severity | Finding | Location |
|---|---|---|
| Low | Reads OpenClaw config file (Sensitive Access) | scripts/audit.cjs:28 |
| Low | Shell execution not explicitly declared (Doc Mismatch) | SKILL.md:15 |

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | READ | ✓ Aligned | scripts/audit.cjs:28 - path.join(os.homedir(), '.openclaw', 'openclaw.json') |
| Shell | NONE | READ | ✓ Aligned | SKILL.md declares 'openclaw security audit --deep' execution |
File Tree
2 files · 6.7 KB · 236 lines (JavaScript: 1 file, 196 lines; Markdown: 1 file, 40 lines)
├─ scripts/
│  └─ audit.cjs (JavaScript)
└─ SKILL.md (Markdown)
Security Positives
✓ No data exfiltration - findings are only printed to console
✓ Token values are properly masked before display (first 8 chars only)
✓ Read-only mode - does not modify any files
✓ No network requests to external servers
✓ No base64 encoding or obfuscation
✓ No credential theft or harvesting for malicious purposes
✓ Limited and declared CLI execution (openclaw command only)
✓ Clean code with no hidden functionality