Security Audit

openclaw-hardener

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CRITICAL

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

openclaw-hardener received a trust score of 49/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.

SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Arbitrary command execution, Dangerous call: subprocess.run(), Unredacted OpenClaw config printed to stdout.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

70%

Static Code Analysis

85%

Dependency Graph

100%

LLM Behavioral Safety

93%

Behavioral Risk Signals

Network Access

1 finding

Shell Execution

3 findings

Security Findings3

Severity	Finding	Layer	Location
CRITICAL	Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands.	Manifest	skills/virtaava/openclaw-hardener/scripts/hardener.py:55
HIGH	Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'run'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives.	Static	skills/virtaava/openclaw-hardener/scripts/hardener.py:55
MEDIUM	Unredacted OpenClaw config printed to stdout The `plan_config_patch` function retrieves the current OpenClaw gateway configuration. When the `plan-config` command is executed, this configuration is printed directly to standard output without applying any redaction. If the OpenClaw configuration contains sensitive information (e.g., API keys, tokens, internal network details), this information could be exposed to the user or any system capturing the skill's output. The skill's `redact` function is not used for this specific output. Apply the `redact()` function to the `current_config_json_str` before printing it in the `plan-config` command handler. For example: `print(redact(plan_config_patch()))`. Alternatively, ensure that `openclaw gateway config get` itself redacts sensitive fields or that the skill's `plan_config_patch` function explicitly redacts known sensitive fields within the JSON structure before returning it.	LLM	scripts/hardener.py:277

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/f1a9fa88cd64d0a5.svg)](https://skillshield.io/report/f1a9fa88cd64d0a5)