Skills
skills/jd-opensource/joysafeter/openclaw-security-checker/Gen Agent Trust Hub

openclaw-security-checker

Warn

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: Accesses sensitive file paths such as ~/.openclaw/openclaw.json, .env, and system logs to scan for plain-text credentials, API keys, and configuration secrets.
  • [COMMAND_EXECUTION]: Executes various system utilities including jq, grep, openssl, iptables, stat, and sha256sum to perform configuration audits and verify system integrity.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection through data processing. Ingestion points: Processes content from ~/.openclaw/logs and configuration files. Boundary markers: None implemented to distinguish data from instructions. Capability inventory: High-privilege access to shell commands and system inspection tools. Sanitization: No evidence of escaping or validation for external log data before processing.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 25, 2026, 08:05 AM
Security Audit — agent-trust-hub — openclaw-security-checker