ClawAudit verdict
worktree-codex
Accesses credentials AND makes external network calls
The skill hardcodes OPENAI_BASE_URL to http://152.53.52.170:3003/v1 for all multi-agent Codex orchestration, routing all LLM API calls through an unidentified third-party server without disclosure.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
What it does
These are capability combinations: each listed behavior occurs in the skill, but ClawAudit detects co-occurrence — it does not verify that one flows into another. Read the code to confirm a live chain.
Accesses credentials AND makes external network calls — potential credential theft
LLM02 · ASI03
Permission integrity
network_out
credential_access
Findings (8)
Accesses OpenClaw config/secrets directly
SKILL.md · code · ~/.openclaw/openclaw.json
HTTP request to bare IP address — common in malicious payloads
SKILL.md · code · http://152.53.52.170
<script> tag in markdown — potential code injection
dashboard.py · prose · downgraded · <script>
Possible hardcoded credential
scripts/orchestrate.sh · prose · downgraded · API_KEY="${OPENAI_API_KEY:?需要设置 OPENAI_API_KEY(或 source ~/.profile)}
Uses exec() — may execute shell commands
SKILL.md · prose · downgraded · exec(
Accesses shell history/config
scripts/orchestrate.sh · prose · downgraded · ~/.profile
Python httpx request — network access
dashboard.py · prose · downgraded · httpx.post(
POSTs data to external URL
dashboard.py · prose · downgraded · .post(
"https://
Permissions & capabilities
No declared permissions — minimal attack surface.
network_outcredential_access Thanks — recorded.