ClawAudit verdict

SX-security-audit

sx-security-audit

45
🟠 Risky
Significant concerns — only install if you understand the risks

The skill scans for secrets and vulnerabilities across the workspace and then explicitly sends those findings as reports to a configurable external Feishu webhook URL, risking exfiltration of sensitive security information to a third-party service.

⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.

Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.

0
security
80
transparency
70
maintenance

Findings (19)

Pattern match critical

Possible hardcoded credential

references/code-security.md · code · apiKey = "sk-proj-abc123...

Pattern match high

Uses eval() — can execute arbitrary code

references/code-security.md · prose · downgraded · eval(

Pattern match high

subprocess execution — runs system commands from Python

references/code-security.md · code · subprocess.run(

Pattern match high

Pipe to python — executes piped content as Python code

references/code-security.md · prose · downgraded · | Python

Pattern match high

subprocess with shell=True — command injection vector

references/code-security.md · code · subprocess.run(user_command, shell=True

Pattern match high

Accesses .ssh directory

references/permissions.md · code · .ssh/

Pattern match high

Accesses AWS credentials file

references/permissions.md · prose · downgraded · ~/.aws/credentials

Pattern match high

Accesses OpenClaw config/secrets directly

references/permissions.md · code · ~/.openclaw/openclaw.json

Pattern match medium

References sudo — requests elevated privileges

SKILL.md · prose · downgraded · sudo

Pattern match medium

Sets world-executable permissions

references/code-security.md · code · chmod 755

Pattern match medium

Uses exec() — may execute shell commands

references/code-security.md · prose · downgraded · exec(

Pattern match medium

References child_process — can spawn system processes

references/code-security.md · prose · downgraded · child_process

Pattern match medium

os.system/popen — direct OS command execution

references/code-security.md · prose · downgraded · os.system(

Pattern match medium

Accesses sensitive environment variables

references/code-security.md · code · process.env.API_KEY

Pattern match medium

Python urllib.request — network access

references/code-security.md · code · urllib.request

Pattern match medium

Accesses cloud provider credentials

references/permissions.md · prose · downgraded · ~/.aws

Pattern match medium

Accesses system credential store

scripts/security_audit.py · prose · downgraded · keychain

Pattern match low

References webhook/callback URL

SKILL.md · prose · downgraded · WEBHOOK_URL

Pattern match low

Python os.environ.get — reads environment variable

scripts/send_report_to_feishu.py · prose · downgraded · os.environ.get(

Why the tier is capped

Execution sink present in raw bytes (Hard Floor: class B/D). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.

Permissions & capabilities

No declared permissions — minimal attack surface.

network_in

Is this flag fair?

Check another skill Browse the registry Auditing your own skills or configs? Use the API