semantic-slicing

Warn

Audited by Socket on May 20, 2026

1 alert found:

Anomaly
AnomalyLOW
references/openclaw-profile.md

The OpenClaw fragment shows multiple high-risk surfaces across agent, gateway, plugins, and memory-host-sdk components, with alarming risk signals around secret handling, environment variable access, and insecure crypto. While no explicit malicious payload is observed in the provided material, the accumulation of indicators and large code surface area justifies a rigorous, code-level security review, targeted test cases, and enforcement of strict least-privilege boundaries before integration or deployment. Mitigation should include post-filtering of metadata artifacts, removal of sensitive path references from scans, and automated checks for secret exposure, insecure crypto usage, and SSRF-like behaviors.

Confidence: 59%Severity: 60%
Audit Metadata
Analyzed At
May 20, 2026, 02:27 AM
Package URL
pkg:socket/skills-sh/vincentkoc%2Fdotskills%2Fsemantic-slicing%2F@fb02975c0a34914278e2fa03371716d398c08296
Security Audit — socket — semantic-slicing