Security Audit

openclaw-sec

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CRITICAL

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

openclaw-sec received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.

SkillShield's automated analysis identified 103 findings: 59 critical, 37 high, 7 medium, and 0 low severity. Key findings include Persistence / self-modification instructions, Network egress to untrusted endpoints, Arbitrary command execution.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

Static Code Analysis

Dependency Graph

93%

LLM Behavioral Safety

Behavioral Risk Signals

Network Access

68 findings

Filesystem Write

10 findings

Shell Execution

13 findings

Excessive Permissions

13 findings

Security Findings103

Severity	Finding	Layer	Location
CRITICAL	Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/path-traversal-patterns.ts:250
CRITICAL	Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/path-traversal-patterns.ts:251
CRITICAL	Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/exfiltration-patterns.ts:47
CRITICAL	Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/exfiltration-patterns.ts:62
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/ssrf-patterns.ts:13
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/ssrf-patterns.ts:14
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/ssrf-patterns.ts:30
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/ssrf-patterns.ts:31
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/ssrf-patterns.ts:32
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/ssrf-patterns.ts:47
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/ssrf-patterns.ts:48
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/ssrf-patterns.ts:49
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/ssrf-patterns.ts:65
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/ssrf-patterns.ts:66
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/ssrf-patterns.ts:67
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/ssrf-patterns.ts:82
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/ssrf-patterns.ts:83
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/ssrf-patterns.ts:84
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/ssrf-patterns.ts:116
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/ssrf-patterns.ts:117
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/ssrf-patterns.ts:118
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/ssrf-patterns.ts:185
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/ssrf-patterns.ts:186
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/ssrf-patterns.ts:201
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/ssrf-patterns.ts:202
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/ssrf-patterns.ts:217
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/ssrf-patterns.ts:218
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/ssrf-patterns.ts:233
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/ssrf-patterns.ts:234
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/ssrf-patterns.ts:249
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/ssrf-patterns.ts:250
CRITICAL	Arbitrary command execution Remote code download piped to interpreter Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands.	Manifest	skills/paolorollo/openclaw-sec/src/modules/command-validator/__tests__/validator.test.ts:47
CRITICAL	Arbitrary command execution Remote code download piped to interpreter Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands.	Manifest	skills/paolorollo/openclaw-sec/src/modules/command-validator/__tests__/validator.test.ts:69
CRITICAL	Arbitrary command execution Remote code download piped to interpreter Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands.	Manifest	skills/paolorollo/openclaw-sec/src/modules/command-validator/__tests__/validator.test.ts:160
CRITICAL	Arbitrary command execution Remote code download piped to interpreter Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/command-injection.ts:30
CRITICAL	Arbitrary command execution Remote code download piped to interpreter Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/command-injection.ts:47
CRITICAL	Arbitrary command execution Remote code download piped to interpreter Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/command-injection.ts:48
CRITICAL	Arbitrary command execution Remote code download piped to interpreter Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/command-injection.ts:80
CRITICAL	Arbitrary command execution Remote code download piped to interpreter Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/command-injection.ts:81
CRITICAL	Arbitrary command execution Remote code download piped to interpreter Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands.	Manifest	skills/paolorollo/openclaw-sec/tests/zeroleaks-pentest.ts:113
CRITICAL	File read + network send exfiltration AWS credentials file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality.	Manifest	skills/paolorollo/openclaw-sec/__tests__/integration/multi-module.test.ts:260
CRITICAL	File read + network send exfiltration .env file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality.	Manifest	skills/paolorollo/openclaw-sec/src/modules/path-validator/__tests__/validator.test.ts:184
CRITICAL	File read + network send exfiltration .env file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality.	Manifest	skills/paolorollo/openclaw-sec/src/modules/path-validator/__tests__/validator.test.ts:186
CRITICAL	File read + network send exfiltration .env file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/path-traversal-patterns.ts:123
CRITICAL	File read + network send exfiltration .env file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality.	Manifest	skills/paolorollo/openclaw-sec/src/patterns/runtime-validation/path-traversal-patterns.ts:124
CRITICAL	Hardcoded AWS Access Key detected A hardcoded AWS Access Key was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/paolorollo/openclaw-sec/src/__tests__/benchmarks/performance-benchmark.test.ts:478
CRITICAL	Hardcoded AWS Access Key detected A hardcoded AWS Access Key was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/paolorollo/openclaw-sec/src/modules/secret-detector/__tests__/detector.test.ts:104
CRITICAL	Hardcoded AWS Access Key detected A hardcoded AWS Access Key was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/paolorollo/openclaw-sec/src/modules/secret-detector/__tests__/detector.test.ts:378
CRITICAL	Hardcoded GitHub Token detected A hardcoded GitHub Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/paolorollo/openclaw-sec/src/patterns/secrets/secret-patterns.ts:43
CRITICAL	Hardcoded GitHub OAuth Token detected A hardcoded GitHub OAuth Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/paolorollo/openclaw-sec/src/patterns/secrets/secret-patterns.ts:44
CRITICAL	Hardcoded GitHub OAuth Token detected A hardcoded GitHub OAuth Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/paolorollo/openclaw-sec/src/patterns/secrets/secret-patterns.ts:62
CRITICAL	Hardcoded GitHub User Token detected A hardcoded GitHub User Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/paolorollo/openclaw-sec/src/patterns/secrets/secret-patterns.ts:45
CRITICAL	Hardcoded GitHub Server Token detected A hardcoded GitHub Server Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/paolorollo/openclaw-sec/src/patterns/secrets/secret-patterns.ts:46
CRITICAL	Hardcoded GitHub Refresh Token detected A hardcoded GitHub Refresh Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/paolorollo/openclaw-sec/src/patterns/secrets/secret-patterns.ts:47
CRITICAL	Hardcoded AWS Access Key detected A hardcoded AWS Access Key was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/paolorollo/openclaw-sec/src/patterns/secrets/secret-patterns.ts:77
CRITICAL	Hardcoded Stripe Secret Key detected A hardcoded Stripe Secret Key was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/paolorollo/openclaw-sec/src/patterns/secrets/secret-patterns.ts:189
CRITICAL	Post-install script executes arbitrary shell commands The `postinstall` script in `package.json` directly executes `bash install-hooks.sh`. This allows arbitrary shell commands to be run with the privileges of the user installing the package. An attacker could modify `install-hooks.sh` in a compromised package to execute malicious code, leading to full system compromise. Avoid executing shell scripts directly in `postinstall`. If necessary, ensure the script is minimal, sandboxed, and only performs operations strictly required for package functionality. Validate any environment variables used by the script.	LLM	package.json:23
CRITICAL	Installation script allows arbitrary symlink creation via environment variable The `install-hooks.sh` script uses the `OPENCLAW_HOOKS_DIR` environment variable to determine the installation directory. If an attacker can control this environment variable during installation, they could direct the script to create a symbolic link (`ln -sf "$SCRIPT_DIR/.." "$HOOKS_DIR/../openclaw-sec"`) from the skill's source directory to an arbitrary location on the filesystem. This could lead to path traversal, arbitrary file access, or privilege escalation. Do not allow critical installation paths to be controlled by environment variables. Hardcode the installation path or use a more secure configuration mechanism. Ensure symlinks are only created to trusted, non-sensitive locations.	LLM	hooks/install-hooks.sh:48
CRITICAL	Sensitive data exfiltration via configurable notification webhooks The `NotificationSystem` (used by the security hooks) is designed to send `NotificationPayload` objects to configurable webhooks (Slack, Discord, generic webhooks). This payload includes `message` and `metadata` fields. The `SecretDetector` module explicitly identifies API keys and tokens. If a secret is detected in user input or tool parameters, it is highly likely to be included in the `message` or `metadata` of the `NotificationPayload`. If a malicious webhook URL is configured (e.g., by an attacker gaining control of the configuration file), this could lead to the exfiltration of sensitive credentials. Implement strict sanitization or redaction of sensitive information (like detected secrets) from `NotificationPayload` before sending it to external services. Ensure that only non-sensitive metadata is included in notifications. Additionally, restrict who can modify the security configuration, especially webhook URLs.	LLM	src/core/notification-system.ts:100
HIGH	Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/__tests__/integration/multi-module.test.ts:402
HIGH	Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/modules/exfiltration-detector/__tests__/detector.test.ts:47
HIGH	Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/modules/exfiltration-detector/__tests__/detector.test.ts:175
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/__tests__/integration/end-to-end.test.ts:52
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/__tests__/integration/end-to-end.test.ts:122
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/__tests__/integration/multi-module.test.ts:48
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/__tests__/integration/multi-module.test.ts:89
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/__tests__/integration/multi-module.test.ts:195
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/__tests__/integration/multi-module.test.ts:250
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/__tests__/integration/multi-module.test.ts:325
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/__tests__/integration/multi-module.test.ts:498
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/__tests__/integration/performance.test.ts:71
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/__tests__/integration/performance.test.ts:272
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/modules/url-validator/__tests__/validator.test.ts:25
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/modules/url-validator/__tests__/validator.test.ts:36
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/modules/url-validator/__tests__/validator.test.ts:46
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/modules/url-validator/__tests__/validator.test.ts:77
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/modules/url-validator/__tests__/validator.test.ts:88
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/modules/url-validator/__tests__/validator.test.ts:98
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/modules/url-validator/__tests__/validator.test.ts:117
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/modules/url-validator/__tests__/validator.test.ts:128
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/modules/url-validator/__tests__/validator.test.ts:191
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/modules/url-validator/__tests__/validator.test.ts:261
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/modules/url-validator/__tests__/validator.test.ts:285
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/modules/url-validator/__tests__/validator.test.ts:297
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/modules/url-validator/__tests__/validator.test.ts:309
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/modules/url-validator/__tests__/validator.test.ts:319
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/modules/url-validator/__tests__/validator.test.ts:329
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/modules/url-validator/__tests__/validator.test.ts:339
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/modules/url-validator/__tests__/validator.test.ts:349
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/modules/url-validator/__tests__/validator.test.ts:359
HIGH	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/tests/zeroleaks-pentest.ts:114
HIGH	Hardcoded OpenAI API Key detected A hardcoded OpenAI API Key was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/paolorollo/openclaw-sec/__tests__/integration/multi-module.test.ts:61
HIGH	Hardcoded Bearer Token detected A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/paolorollo/openclaw-sec/src/modules/secret-detector/__tests__/detector.test.ts:298
HIGH	Hardcoded OpenAI API Key detected A hardcoded OpenAI API Key was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/paolorollo/openclaw-sec/src/patterns/secrets/secret-patterns.ts:28
HIGH	Hardcoded Stripe Publishable Key detected A hardcoded Stripe Publishable Key was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/paolorollo/openclaw-sec/src/patterns/secrets/secret-patterns.ts:190
HIGH	Sensitive data storage in local database and log files The `SecurityEngine` stores detected security events, including the `input_text` and `patterns_matched`, in a local SQLite database (`security_events` table) via `DatabaseManager`. Similarly, `Logger` can write structured security events, including `message` and `metadata`, to local log files. If the `SecretDetector` identifies sensitive data (e.g., API keys), this data will be stored unredacted in these local files. While not direct exfiltration, this creates a sensitive data store that, if compromised (e.g., via path traversal in another skill, insecure file permissions, or an attacker gaining access to the system), could lead to the exposure of secrets. The paths for both the database and log files are configurable, which could allow an attacker to direct them to an insecure or accessible location. Redact or mask sensitive information (e.g., detected secrets) before storing it in the database or log files. Implement strict access controls and encryption for these local data stores. Ensure that configurable paths for the database and logs are validated against a whitelist of safe locations.	LLM	src/core/database-manager.ts:64
MEDIUM	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/paolorollo/openclaw-sec/src/modules/url-validator/__tests__/validator.test.ts:68
MEDIUM	Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.66) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values.	Static	skills/paolorollo/openclaw-sec/src/modules/secret-detector/__tests__/detector.test.ts:125
MEDIUM	Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.70) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values.	Static	skills/paolorollo/openclaw-sec/src/modules/secret-detector/__tests__/detector.test.ts:343
MEDIUM	Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.66) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values.	Static	skills/paolorollo/openclaw-sec/src/patterns/secrets/secret-patterns.ts:94
MEDIUM	Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.66) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values.	Static	skills/paolorollo/openclaw-sec/src/patterns/secrets/secret-patterns.ts:95
MEDIUM	Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated.	Static	skills/paolorollo/openclaw-sec/hooks/install-hooks.sh:23
MEDIUM	Unpinned npm dependency version Dependency 'better-sqlite3' is not pinned to an exact version ('^12.6.2'). Pin dependencies to exact versions to reduce drift and supply-chain risk.	Dependencies	skills/paolorollo/openclaw-sec/package.json

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/a90aa55c08452ac2.svg)](https://skillshield.io/report/a90aa55c08452ac2)