概述

Security Sweep — Skill & Plugin Auditor

Scans OpenClaw skills and plugins for:

Hardcoded secrets — API keys, tokens, passwords in code
Dangerous exec patterns — shell injection, eval, unsanitized child_process calls
Dependency vulnerabilities — npm audit failures
Network egress — unexpected outbound connections
Input injection — unsanitized user input reaching exec/file/eval

Scan Scope

Built-in skills (read-only, bundled with OpenClaw CLI):

$(brew --prefix)/Cellar/openclaw-cli/<version>/libexec/lib/node_modules/openclaw/skills/

Workspace skills (user-installed):

~/.openclaw/workspace/skills/

Workflow

Full Sweep

Run the comprehensive scan script:

SKILLS_DIR="$(brew --prefix)/Cellar/openclaw-cli/2026.3.24/libexec/lib/node_modules/openclaw/skills"
WS_DIR="$HOME/.openclaw/workspace/skills"
REPORT_DATE=$(date +%Y%m%d_%H%M%S)
REPORT_FILE="$HOME/.openclaw/security-sweep-${REPORT_DATE}.txt"

bash ~/.openclaw/workspace/skills/security-sweep/scripts/full-scan.sh \
  --builtin "$SKILLS_DIR" \
  --workspace "$WS_DIR" \
  --output "$REPORT_FILE"

Quick Scan (fast patterns only)

bash ~/.openclaw/workspace/skills/security-sweep/scripts/quick-scan.sh \
  --dir "$HOME/.openclaw/workspace/skills"

Single Skill Scan

bash ~/.openclaw/workspace/skills/security-sweep/scripts/skill-scan.sh \
  --skill /path/to/skill

NPM Audit (workspace skills with package.json)

bash ~/.openclaw/workspace/skills/security-sweep/scripts/npm-audit.sh \
  --workspace "$HOME/.openclaw/workspace/skills"

Risk Categories

Level	Finding	Action
-------	---------	--------
🔴 CRITICAL	Hardcoded secret (api_key, token, password)	Remove immediately, rotate credential
🔴 CRITICAL	`eval()` on untrusted input	Replace with safe alternative
🟠 HIGH	`exec()`, `spawn()` with string concatenation	Use execFile with array args
🟠 HIGH	Shell injection surface (bash -c, ${var} in shell)	Sanitize or use execFile
🟡 MEDIUM	npm audit findings (any severity)	Review and update dependencies
🟡 MEDIUM	Unexpected network egress	Verify necessity, document purpose
🟢 LOW	File permission too broad (0o777)	Restrict to 0o644/0o755
🟢 INFO	process.env leak in logs	Ensure logs redact env vars

Reporting

Reports are saved to ~/.openclaw/security-sweep-.txt.

Include report path in memory after each scan.

Periodic Scanning

Offer to schedule weekly security sweeps via cron:

openclaw cron add \
  --name "security-sweep" \
  --every 604800 \
  --sessionTarget isolated \
  --payload '{"kind":"agentTurn","message":"Run security sweep on all skills. Report findings. Save report to ~/.openclaw/security-sweep-<date>.txt and note in memory/YYYY-MM-DD.md if any critical issues found."}'

Sharing / ClawHub Publishing

Before publishing a skill to ClawHub:

Run full sweep
Fix all CRITICAL/HIGH findings
Verify no secrets in SKILL.md or any scripts
Confirm npm audit passes with 0 vulnerabilities
Document all required env vars in SKILL.md

Notes

Bundled skills (read-only, no write during scan)
Workspace skills are editable — fix findings directly
Some execFile usage is legitimate (openclaw CLI calls) — review context
process.env access is fine; concern is env vars leaking to untrusted processes

版本历史

共 1 个版本

v1.1.2 当前

2026-05-03 10:43 安全安全

安全检测

腾讯云安全 (Keen)

安全，无风险

查看报告

腾讯云安全 (Sanbu)