Security Sweep — Skill & Plugin Auditor
Scans OpenClaw skills and plugins for:
- Hardcoded secrets — API keys, tokens, passwords in code
- Dangerous exec patterns — shell injection, eval, unsanitized child_process calls
- Dependency vulnerabilities — npm audit failures
- Network egress — unexpected outbound connections
- Input injection — unsanitized user input reaching exec/file/eval
Scan Scope
Built-in skills (read-only, bundled with OpenClaw CLI):
$(brew --prefix)/Cellar/openclaw-cli/<version>/libexec/lib/node_modules/openclaw/skills/
Workspace skills (user-installed):
~/.openclaw/workspace/skills/
Workflow
Full Sweep
Run the comprehensive scan script:
SKILLS_DIR="$(brew --prefix)/Cellar/openclaw-cli/2026.3.24/libexec/lib/node_modules/openclaw/skills"
WS_DIR="$HOME/.openclaw/workspace/skills"
REPORT_DATE=$(date +%Y%m%d_%H%M%S)
REPORT_FILE="$HOME/.openclaw/security-sweep-${REPORT_DATE}.txt"
bash ~/.openclaw/workspace/skills/security-sweep/scripts/full-scan.sh \
--builtin "$SKILLS_DIR" \
--workspace "$WS_DIR" \
--output "$REPORT_FILE"
Quick Scan (fast patterns only)
bash ~/.openclaw/workspace/skills/security-sweep/scripts/quick-scan.sh \
--dir "$HOME/.openclaw/workspace/skills"
Single Skill Scan
bash ~/.openclaw/workspace/skills/security-sweep/scripts/skill-scan.sh \
--skill /path/to/skill
NPM Audit (workspace skills with package.json)
bash ~/.openclaw/workspace/skills/security-sweep/scripts/npm-audit.sh \
--workspace "$HOME/.openclaw/workspace/skills"
Risk Categories
| Level | Finding | Action |
|---|---|---|
| 🔴 CRITICAL | Hardcoded secret (api_key, token, password) | Remove immediately, rotate credential |
| 🔴 CRITICAL | eval() on untrusted input | Replace with safe alternative |
| 🟠 HIGH | exec(), spawn() with string concatenation | Use execFile with array args |
| 🟠 HIGH | Shell injection surface (bash -c, ${var} in shell) | Sanitize or use execFile |
| 🟡 MEDIUM | npm audit findings (any severity) | Review and update dependencies |
| 🟡 MEDIUM | Unexpected network egress | Verify necessity, document purpose |
| 🟢 LOW | File permission too broad (0o777) | Restrict to 0o644/0o755 |
| 🟢 INFO | process.env leak in logs | Ensure logs redact env vars |
Reporting
Reports are saved to ~/.openclaw/security-sweep-<date>.txt.
Include report path in memory after each scan.
Periodic Scanning
Offer to schedule weekly security sweeps via cron:
openclaw cron add \
--name "security-sweep" \
--every 604800 \
--sessionTarget isolated \
--payload '{"kind":"agentTurn","message":"Run security sweep on all skills. Report findings. Save report to ~/.openclaw/security-sweep-<date>.txt and note in memory/YYYY-MM-DD.md if any critical issues found."}'
Sharing / ClawHub Publishing
Before publishing a skill to ClawHub:
- Run full sweep
- Fix all CRITICAL/HIGH findings
- Verify no secrets in SKILL.md or any scripts
- Confirm npm audit passes with 0 vulnerabilities
- Document all required env vars in SKILL.md
Notes
- Bundled skills (read-only, no write during scan)
- Workspace skills are editable — fix findings directly
- Some
execFileusage is legitimate (openclaw CLI calls) — review context process.envaccess is fine; concern is env vars leaking to untrusted processes