openclaw-config
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill features a wide array of bash commands for monitoring processes, inspecting logs, and querying SQLite databases. These commands are intended for system administration and status checks.
- [CREDENTIALS_UNSAFE]: Diagnostics include reading configuration files like `openclaw.json` and session logs. Although the text advises redacting sensitive info, the provided `jq` and `cat` commands do not include mechanisms to mask credentials such as `botToken` or `apiKey`, potentially exposing them in the terminal or to the agent context.
- [EXTERNAL_DOWNLOADS]: The documentation encourages the use of `clawdhub` and `npx` to install additional skills and plugins. This facilitates the introduction and execution of third-party code from external repositories into the local environment.
- [REMOTE_CODE_EXECUTION]: The orchestration section describes how to spawn background agents (e.g., Codex or Claude) using the `bash` tool with high-privilege flags like `--yolo` and `pty:true`, enabling autonomous execution of tasks and code without immediate human oversight.
Audit Metadata