openclaw-sec

Provides real-time security validation for AI agents against various injection attacks and content policy violations.

Security score: 0/100

The openclaw-sec skill was audited on Feb 11, 2026 and we found 24 security issues across 5 threat categories, including 2 critical. Review the findings below before installing.

Security Issues

medium line 845

Python subprocess execution

Source: SKILL.md
845: result = subprocess.run(
low line 524

Webhook reference - potential data exfiltration

Source: SKILL.md
524: webhook:
low line 529

Webhook reference - potential data exfiltration

Source: SKILL.md
529: webhook_url: "https://hooks.slack.com/services/..."
low line 532

Webhook reference - potential data exfiltration

Source: SKILL.md
532: webhook_url: "https://discord.com/api/webhooks/..."
medium line 710

Webhook reference - potential data exfiltration

Source: SKILL.md
710: - Slack tokens & webhooks
high line 132

Access to /etc/passwd

Source: SKILL.md
132: openclaw-sec check-url "file:///etc/passwd"
high line 154

Access to /etc/passwd

Source: SKILL.md
154: openclaw-sec validate-path "../../../etc/passwd"
critical line 164

Access to /etc/passwd

Source: SKILL.md
164: - Absolute path to sensitive files (`/etc/passwd`, `/proc/*`)
high line 671

Access to /etc/passwd

Source: SKILL.md
671: ✗ "file:///etc/passwd"
critical line 683

Access to /etc/passwd

Source: SKILL.md
683: - Sensitive system paths (`/etc/passwd`, `/proc/*`)
high line 691

Access to /etc/passwd

Source: SKILL.md
691: ✗ "../../../etc/passwd"
medium line 154

Path traversal pattern

Source: SKILL.md
154: openclaw-sec validate-path "../../../etc/passwd"
medium line 691

Path traversal pattern

Source: SKILL.md
691: ✗ "../../../etc/passwd"
low line 538

Access to hidden dotfiles in home directory

Source: SKILL.md
538: file: ~/.openclaw/logs/security-events.log
medium line 586

Access to hidden dotfiles in home directory

Source: SKILL.md
586: This installs hooks to `~/.claude-code/hooks/`.
low line 743

Unicode escape sequences

Source: SKILL.md
743: ✗ "\\u0065\\u0076\\u0061\\u006c" (unicode)
low line 130

External URL reference

Source: SKILL.md
130: openclaw-sec check-url "https://example.com"
low line 131

External URL reference

Source: SKILL.md
131: openclaw-sec check-url "http://169.254.169.254/metadata"
low line 526

External URL reference

Source: SKILL.md
526: url: "https://hooks.example.com/security"
low line 529

External URL reference

Source: SKILL.md
529: webhook_url: "https://hooks.slack.com/services/..."
low line 532

External URL reference

Source: SKILL.md
532: webhook_url: "https://discord.com/api/webhooks/..."
low line 669

External URL reference

Source: SKILL.md
669: ✗ "http://169.254.169.254/latest/meta-data/"
low line 670

External URL reference

Source: SKILL.md
670: ✗ "http://localhost:6379/admin"
low line 672

External URL reference

Source: SKILL.md
672: ✗ "http://user:pass@internal-db:5432"
Scanned on Feb 11, 2026
GitHub Stars 2.2K
Category: development
Updated: April 4, 2026
openclaw/skills