ClawAudit verdict

SX-security-audit

sx-security-audit-1-0-0

88
🟢 Trusted
Low risk — reviewed by ClawAudit, behavior matches stated purpose

Local security audit tool that scans the user's own system (file permissions, env vars, git history, ports) and generates reports; the optional Feishu webhook integration sends audit results the user explicitly requested.

⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.

Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.

0
security
80
transparency
70
maintenance

Findings (19)

Pattern match critical

Possible hardcoded credential

references/code-security.md · code · apiKey = "sk-proj-abc123...

Pattern match high

Uses eval() — can execute arbitrary code

references/code-security.md · prose · downgraded · eval(

Pattern match high

subprocess execution — runs system commands from Python

references/code-security.md · code · subprocess.run(

Pattern match high

Pipe to python — executes piped content as Python code

references/code-security.md · prose · downgraded · | Python

Pattern match high

subprocess with shell=True — command injection vector

references/code-security.md · code · subprocess.run(user_command, shell=True

Pattern match high

Accesses .ssh directory

references/permissions.md · code · .ssh/

Pattern match high

Accesses AWS credentials file

references/permissions.md · prose · downgraded · ~/.aws/credentials

Pattern match high

Accesses OpenClaw config/secrets directly

references/permissions.md · code · ~/.openclaw/openclaw.json

Pattern match medium

References sudo — requests elevated privileges

SKILL.md · prose · downgraded · sudo

Pattern match medium

Sets world-executable permissions

references/code-security.md · code · chmod 755

Pattern match medium

Uses exec() — may execute shell commands

references/code-security.md · prose · downgraded · exec(

Pattern match medium

References child_process — can spawn system processes

references/code-security.md · prose · downgraded · child_process

Pattern match medium

os.system/popen — direct OS command execution

references/code-security.md · prose · downgraded · os.system(

Pattern match medium

Accesses sensitive environment variables

references/code-security.md · code · process.env.API_KEY

Pattern match medium

Python urllib.request — network access

references/code-security.md · code · urllib.request

Pattern match medium

Accesses cloud provider credentials

references/permissions.md · prose · downgraded · ~/.aws

Pattern match medium

Accesses system credential store

scripts/security_audit.py · prose · downgraded · keychain

Pattern match low

References webhook/callback URL

SKILL.md · prose · downgraded · WEBHOOK_URL

Pattern match low

Python os.environ.get — reads environment variable

scripts/send_report_to_feishu.py · prose · downgraded · os.environ.get(

Why the tier is capped

Execution sink present in raw bytes (Hard Floor: class B/D). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.

Permissions & capabilities

No declared permissions — minimal attack surface.

network_in

Is this flag fair?

Check another skill Browse the registry Auditing your own skills or configs? Use the API