openclaw-audit-watchdog
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions and a verification script in
SKILL.mdfor downloading release artifacts from the vendor's official GitHub repository (github.com/prompt-security/clawsec). This is part of the standard installation process for standalone deployments and includes cryptographic verification of the downloaded files. - [COMMAND_EXECUTION]: The tool invokes the
openclawCLI to perform security audits (openclaw security audit) and manage scheduled tasks (openclaw cron) viascripts/setup_cron.mjs. It also utilizes shell scripts and Node.js to orchestrate the audit pipeline and format reports. These operations are core to the skill's functionality. - [DATA_EXFILTRATION]: Audit reports are transmitted to user-configured destinations via DM (using the
messagetool) or email (using localsendmailor an SMTP relay). These delivery mechanisms are the intended purpose of the watchdog and require explicit user configuration of environment variables such asPROMPTSEC_DM_TOorPROMPTSEC_EMAIL_TO. - [PROMPT_INJECTION]: An indirect prompt injection surface is present because
render_report.mjsprocesses output from theopenclaw security auditcommand. While external data from audited skills could theoretically influence the report content, the tool treats the data as text for reporting and does not execute instructions from it. - [REMOTE_CODE_EXECUTION]: The persistence mechanism uses
openclaw cronto schedule the execution of the main runner script (scripts/runner.sh). This is the documented behavior required to provide continuous, unattended monitoring.
Audit Metadata