openclaw-audit-watchdog

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions and a verification script in SKILL.md for downloading release artifacts from the vendor's official GitHub repository (github.com/prompt-security/clawsec). This is part of the standard installation process for standalone deployments and includes cryptographic verification of the downloaded files.
  • [COMMAND_EXECUTION]: The tool invokes the openclaw CLI to perform security audits (openclaw security audit) and manage scheduled tasks (openclaw cron) via scripts/setup_cron.mjs. It also utilizes shell scripts and Node.js to orchestrate the audit pipeline and format reports. These operations are core to the skill's functionality.
  • [DATA_EXFILTRATION]: Audit reports are transmitted to user-configured destinations via DM (using the message tool) or email (using local sendmail or an SMTP relay). These delivery mechanisms are the intended purpose of the watchdog and require explicit user configuration of environment variables such as PROMPTSEC_DM_TO or PROMPTSEC_EMAIL_TO.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is present because render_report.mjs processes output from the openclaw security audit command. While external data from audited skills could theoretically influence the report content, the tool treats the data as text for reporting and does not execute instructions from it.
  • [REMOTE_CODE_EXECUTION]: The persistence mechanism uses openclaw cron to schedule the execution of the main runner script (scripts/runner.sh). This is the documented behavior required to provide continuous, unattended monitoring.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 09:53 PM
Security Audit — agent-trust-hub — openclaw-audit-watchdog