ClawAudit verdict
openclaw-security-audit
nxtsecure-openclaw
The skill performs a security audit and remediation on an OpenClaw Linux host, covering various aspects such as firewall status, SSH hardening, and Docker container allowlisting. It appears to be used for its intended purpose and does not seem to involve any malicious behavior.
⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives.
Findings (4)
References SSH/GPG private keys
SKILL.md · prose · downgraded · ssh-key
Accesses .ssh directory
SKILL.md · prose · downgraded · .ssh/
References sudo — requests elevated privileges
scripts/openclaw_security_audit.sh · prose · downgraded · sudo
apt-get install — installs system packages
scripts/openclaw_security_audit.sh · prose · downgraded · apt-get install
Permissions & capabilities
No declared permissions — minimal attack surface.