Scan Report
40/100
openclaw-security-auditor
OpenClaw Security Auditor (OSA) - Comprehensive security auditing tool for OpenClaw deployments
OpenClaw security auditing tool with documented mismatch: SKILL.md claims read-only operation but config_fixer.py has write capabilities to modify system configs. No malicious behavior detected, but undeclared modification capability violates transparency principle.
Use with caution
Add explicit filesystem:WRITE declaration to SKILL.md if config modification is intended. Consider documenting which configuration paths can be modified and under what conditions. Add warning about automated changes vs manual approval.
Findings 3 items
| Severity | Finding | Category | Location |
|---|---|---|---|
| Medium | Undeclared filesystem write capability | Doc Mismatch | scripts/config_fixer.py:52 |
| Low | Misleading 'never makes automatic changes' claim | Doc Mismatch | SKILL.md:85 |
| Low | Access to OpenClaw configuration directory | Sensitive Access | scripts/security_scanner.py:25 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | WRITE | ✗ Violation | scripts/config_fixer.py:52 - json.dump(config, f) |
External URLs 2 findings
| Severity | Type | URL | Location |
|---|---|---|---|
| Medium | External URL | https://docs.openclaw.ai/security | scripts/report_generator.py:143 |
| Medium | External URL | https://docs.openclaw.ai/best-practices | scripts/report_generator.py:145 |
File Tree
7 files · 40.0 KB · 1218 lines (Python 4 files · 688 lines, Markdown 3 files · 530 lines)
├─ references/
│  ├─ config-guide.md (Markdown)
│  └─ security-modes.md (Markdown)
├─ scripts/
│  ├─ config_fixer.py (Python)
│  ├─ report_generator.py (Python)
│  └─ security_scanner.py (Python)
├─ SKILL.md (Markdown)
└─ test_skill.py (Python)
Dependencies 1 item
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| osa | unknown | external import | No | Imported as 'openclaw-security-auditor' package - not locally defined, external dependency |
Security Positives
✓ No credential harvesting - skill audits config but does not extract secrets
✓ No data exfiltration - no external data transmission observed
✓ No obfuscation - all code is readable plaintext Python
✓ No base64-encoded payloads or eval() calls
✓ No suspicious network connections (external URLs only in generated report text, not executed)
✓ No ~/.ssh, ~/.aws, or .env file access attempts
✓ Backup mechanism implemented before config modification (config_fixer.py:17)
✓ Supports dry-run mode for config_fixer (--dry-run argument)