config-encryption-auditor

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary purpose is defensive security auditing. It scans local configuration files in ~/.openclaw/ to identify exposed API keys (OpenAI, Anthropic, AWS, etc.), insecure file permissions (world-readable), and missing gitignore entries.
  • [DATA_EXPOSURE_&_EXFILTRATION]: While the skill accesses sensitive files like .env and configuration files containing tokens, it does so solely for the purpose of auditing. There are no network operations (no curl, requests, or socket usage) detected in the provided scripts. All findings are printed to the local console or saved to a local state file (~/.openclaw/skill-state/).
  • [PRIVILEGE_ESCALATION]: The skill includes a feature to fix file permissions (chmod 600). This is a security-enhancing operation that removes other users' ability to read the config files. It does not use sudo or attempt to escalate its own privileges.
  • [COMMAND_EXECUTION]: The skill uses standard Python libraries (os, pathlib, stat) for file system interactions. It does not invoke arbitrary shell commands or use subprocess for external execution beyond its own logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 21, 2026, 05:55 AM