ClawAudit verdict
openclaw-security-hardening
agent-runtime-security
Receives external input AND executes processes
Despite its broad capabilities, this skill contains legitimate security hardening guidance including file permission hardening (chmod 600), .gitignore patterns, .env isolation, and prompt injection defense — all consistent with its stated purpose as an OpenClaw security hardening framework.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
What it does
These are capability combinations: each listed behavior occurs in the skill, but ClawAudit detects co-occurrence — it does not verify that one flows into another. Read the code to confirm a live chain.
Receives external input AND executes processes — the shape of a command & control channel
LLM05 · LLM06 · ASI10
Writes files AND executes processes — may drop and execute malicious scripts
LLM05 · LLM06 · ASI05
Accesses credentials AND writes files — may persist stolen credentials locally
LLM02 · LLM06 · ASI03
Accesses agent memory AND writes files — may modify agent behavior persistently
LLM01 · LLM06 · ASI01 · ASI06
Permission integrity
credential_access
agent_memory
Findings (5)
Recursive delete from root or home — destructive command
SKILL.md · code · rm -rf ~
References sudo — requests elevated privileges
SKILL.md · code · sudo
Uses exec() — may execute shell commands
SKILL.md · code · exec(
References agent memory files
SKILL.md · code · MEMORY.md
Popular HTTP library — network access
SKILL.md · code · got
Why the tier is capped
Execution sink present in raw bytes (Hard Floor: class B). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.
Permissions & capabilities
No declared permissions — minimal attack surface.
credential_accessagent_memorynetwork_infile_writeprocess_exec Thanks — recorded.