ClawAudit verdict

openclaw-ultimate-suite

88
🟢 Trusted
Low risk — reviewed by ClawAudit, behavior matches stated purpose

An index/meta-skill that lists and auto-activates sub-skills for productivity, social media, and security scanning; the content is a skill catalog and activation routing table with no malicious code or exfiltration.

⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.

Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.

security: 0
transparency: 100
maintenance: 90

Findings (18)

Pattern match critical

Possible hardcoded credential

docs/CONFIG_CHECKLIST.md · code · API_KEY: "; if [ -n

Pattern match critical

Recursive delete from root or home — destructive command

skills/ironclaw-guardian-evolved/README.md · code · rm -rf /

Pattern match critical

Pipe to bash — executes piped content as shell commands

skills/ironclaw-guardian-evolved/SKILL.md · code · |bash

Pattern match critical

Uses eval() — can execute arbitrary code

skills/playwright/scraping.md · code · eval(

Pattern match high

Accesses OpenClaw config/secrets directly

docs/MULTI-MODEL-STRATEGY.md · code · ~/.openclaw/openclaw.json

Pattern match high

References sudo — requests elevated privileges

examples/mvp-development.md · code · sudo

Pattern match high

Accesses system credential store

skills/ontology/references/schema.md · code · keychain

Pattern match high

HTTP request to bare IP address — common in malicious payloads

skills/openclaw-free-web-search/README_zh.md · code · http://127.0.0.1

Pattern match high

Uses exec() — may execute shell commands

skills/skill-vetter/SKILL.md · code · exec(

Pattern match high

Accesses cloud provider credentials

skills/skill-vetter/SKILL.md · code · ~/.aws

Pattern match medium

Sets world-executable permissions

skills/ironclaw-guardian-evolved/SKILL.md · code · chmod 777

Pattern match medium

subprocess execution — runs system commands from Python

skills/cli-anything/scripts/recommend_harness.py · prose · downgraded · subprocess.check_output(

Pattern match medium

References webhook/callback URL

skills/ironclaw-guardian-evolved/SKILL.md · code · WEBHOOK_URL

Pattern match medium

Popular HTTP library — network access

skills/multi-search-engine/references/international-search.md · code · axios

Pattern match medium

References agent memory files

skills/skill-vetter/SKILL.md · code · MEMORY.md

Pattern match low

Opens WebSocket connection

skills/agency-agents/agents/engineering/frontend-developer.md · prose · downgraded · WebSocket

Pattern match low

Python urllib.request — network access

skills/ironclaw-guardian-evolved/scripts/ironclaw_audit.py · prose · downgraded · urllib.request

Pattern match low

Python os.environ.get — reads environment variable

skills/openclaw-free-web-search/openclaw-workspace/skills/local-web-search/scripts/search_local_web.py · prose · downgraded · os.environ.get(

Why the tier is capped

Execution sink present in raw bytes (Hard Floor: class A/B/D). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.

Permissions & capabilities

Requires 3 environment variables.
