openclaw
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides operational documentation for the OpenClaw multi-agent gateway. It contains no executable code or malicious instructions and serves as a legitimate technical guide.\n- [SAFE]: The documentation emphasizes security-first configurations, including requirements for token or password authentication on non-loopback bindings and the use of secure tunnels (SSH, Tailscale) for remote access.\n- [SAFE]: The skill addresses potential attack surfaces such as indirect prompt injection. Ingestion points include messaging channels (WhatsApp, Telegram, Slack, Signal, Matrix) as detailed in references/channels-and-providers.md. Boundary markers include mention gating, allowlists, and pairing approvals as detailed in references/gateway.md and SKILL.md. Capability inventory includes the 'exec' shell command tool, process management, and remote node execution (camera, system commands) as detailed in references/tools.md and references/nodes.md. Sanitization includes built-in redaction of sensitive values and schema-strict configuration validation as detailed in references/operations.md and references/configuration.md.\n- [SAFE]: The skill includes instructions for standard maintenance tasks, configuration validation using 'openclaw config validate', and health monitoring, all of which align with secure system operation.\n- [SAFE]: There is no evidence of obfuscation, hardcoded credentials, or unauthorized data exfiltration patterns within the provided files.
Audit Metadata