audit-openclaw-security
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The bash script scripts/collect_openclaw_audit.sh performs local system reconnaissance by executing commands such as whoami, uname, sw_vers, lsof, ss, and netstat to assess the host network posture.
- [COMMAND_EXECUTION]: The collection script attempts to read firewall rules using sudo -n for ufw, nft, and iptables, allowing it to gather network policy information without requiring an interactive password prompt.
- [SAFE]: The skill includes defensive utilities such as scripts/redact_openclaw_config.py, which uses regular expressions to identify and mask secrets like tokens and passwords in configuration files before they are processed or shared.
- [SAFE]: Instructions in SKILL.md establish strict safety protocols, including a prohibition on requesting raw secrets and a requirement for explicit user approval before any remediation steps are taken.
- [SAFE]: The auditing workflow leverages the native openclaw security audit tool, which is designed to provide shareable, security-focused diagnostics.
Audit Metadata