OpenClaw Arbiter
Audits installed skills to report exactly what system resources each one accesses — network, subprocess, file I/O, environment variables, and unsafe operations.
The Problem
You install skills and trust them blindly. A skill that claims to format markdown could also open network connections, execute shell commands, or read your environment variables. Nothing reports what permissions each skill actually uses.
Commands
Full Audit
Deep audit of all installed skills with line-level findings.
python3 {baseDir}/scripts/arbiter.py audit --workspace /path/to/workspace
Audit Single Skill
python3 {baseDir}/scripts/arbiter.py audit openclaw-warden --workspace /path/to/workspace
Permission Matrix
Compact table showing permission categories per skill.
python3 {baseDir}/scripts/arbiter.py report --workspace /path/to/workspace
Quick Status
One-line summary of permission risk.
python3 {baseDir}/scripts/arbiter.py status --workspace /path/to/workspace
What It Detects
| Category | Risk | Examples |
|---|---|---|
| Serialization | CRITICAL | pickle, eval(), exec(), import |
| Subprocess | HIGH | subprocess, os.system, Popen, command substitution |
| Network | HIGH | urllib, requests, curl, wget, hardcoded URLs |
| File Write | MEDIUM | open('w'), shutil.copy, os.remove, rm |
| Environment | MEDIUM | os.environ, os.getenv, os.putenv |
| Crypto | LOW | hashlib, hmac, ssl |
| File Read | LOW | open('r'), os.walk, glob |
Exit Codes
0— Clean, all skills within normal bounds1— Elevated permissions detected (review needed)2— Critical permissions detected (action needed)
No External Dependencies
Python standard library only. No pip install. No network calls. Everything runs locally.
Cross-Platform
Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.