Skills
skills/aradotso/security-skills/openclaw-security-watchdog/Gen Agent Trust Hub

openclaw-security-watchdog

Warn

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs users to install its core functionality from an untrusted GitHub repository (github.com/CTCT-CT2/openclaw-security-watchdog.git).
  • [COMMAND_EXECUTION]: Documentation encourages running the tool with elevated privileges (sudo) and modifying file permissions on sensitive system logs like /var/log/auth.log and SSH configurations to allow the tool to read them.
  • [DATA_EXFILTRATION]: When operating in 'Full Scan' mode, the tool is configured to send metadata for analysis to a remote endpoint at threat-intel.openclaw.io.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from system logs, file contents, and external threat intelligence APIs. It lacks documented boundary markers or sanitization procedures while possessing broad file-read and network capabilities.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 18, 2026, 12:51 AM
Security Audit — agent-trust-hub — openclaw-security-watchdog