Downloads: 800
Stars: 0
Active Installs: 2
Versions: 1
Install in OpenClaw
/install openclaw-action
Description
GitHub Action for automated security scanning of agent workspaces. Detects exposed secrets, prompt/shell injection, and data exfiltration patterns in PRs and commits.
Usage Guidance
This action performs the advertised scans, but it contradicts its own trust claims: instead of running only local, auditable code, action.yml downloads and executes scanner scripts from GitHub at runtime (raw URLs on the main branches). That creates a supply-chain risk because those remote files can change or be compromised.
Before installing or using this Action, consider:
- Prefer vendored or pinned scanner code: vendor the scanner scripts into the action repository or fetch scripts pinned to a specific commit SHA or release tag instead of raw 'main' URLs.
- Review the exact remote files to be executed (the three raw.githubusercontent.com URLs) and verify the upstream maintainers and commit SHAs. If you cannot verify, do not allow the action to run with elevated access.
- Treat this action as having the ability to execute arbitrary Python fetched at runtime: ensure it runs with least privilege in your CI, and avoid exposing secrets to runs triggered by untrusted forks or contributors.
- If you need stronger assurance, replace the runtime curl step with code checked into your organization (or use a verified marketplace action), or require that the scanner code is included in the repo under review so behavior is fully auditable.
If you accept the current design, at minimum ask the publisher to pin downloads to immutable references (commit SHAs/releases) and update the README to remove the false 'No network calls' claim. If you cannot confirm the upstream repositories are trustworthy, treat the action as risky and avoid installing it.
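A check for the unpinned-download pattern described above, as an added example (not part of openclaw-action or of this listing): it scans workflow or action YAML text for raw.githubusercontent.com downloads and reports any whose ref is not a full 40-character commit SHA. The sample fragment is constructed; only the sentry.py URL comes from this page, and `example-org/example-scanner` with its SHA is a placeholder. The check is stricter than the "commit SHA or release tag" guidance because a tag cannot be told apart from a branch name in the URL.

```python
import re

# URL layout: https://raw.githubusercontent.com/<owner>/<repo>/<ref>/<path>
RAW_URL = re.compile(
    r"https://raw\.githubusercontent\.com/"
    r"(?P<owner>[^/\s]+)/(?P<repo>[^/\s]+)/(?P<ref>[^/\s]+)/(?P<path>\S+)"
)
FULL_SHA = re.compile(r"[0-9a-f]{40}")

# Constructed sample, not the real action.yml. The first URL is the one quoted
# on this page; the second uses a placeholder repository and commit SHA.
SAMPLE_ACTION_YML = """\
runs:
  using: composite
  steps:
    - shell: bash
      run: |
        curl -sL https://raw.githubusercontent.com/AtlasPA/openclaw-sentry/main/scripts/sentry.py -o sentry.py
        curl -sL https://raw.githubusercontent.com/example-org/example-scanner/0123456789abcdef0123456789abcdef01234567/scan.py -o scan.py
"""


def audit_raw_downloads(text):
    """Return one finding per raw.githubusercontent.com URL found in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in RAW_URL.finditer(line):
            ref = m.group("ref")
            findings.append({
                "line": lineno,
                "url": m.group(0),
                "ref": ref,
                # Only a full commit SHA is immutable; branch names, tags and
                # "refs/heads/..." forms can all be re-pointed upstream.
                "pinned": FULL_SHA.fullmatch(ref) is not None,
            })
    return findings


def unpinned(text):
    """Findings whose ref can change between CI runs."""
    return [f for f in audit_raw_downloads(text) if not f["pinned"]]


if __name__ == "__main__":
    for f in unpinned(SAMPLE_ACTION_YML):
        print(f"line {f['line']}: mutable ref '{f['ref']}' in {f['url']}")
```

A SHA-pinned URL fixes which bytes are fetched but the script is still downloaded on every run, so the least-privilege guidance above continues to apply.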
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-action
Version: 1.0.0
The skill bundle is classified as suspicious due to a significant supply chain vulnerability. The `action.yml` file uses `curl -sL` to download and execute Python scanner scripts (sentry.py, bastion.py, egress.py) directly from `raw.githubusercontent.com` on the `main` branch of external repositories (e.g., `https://raw.githubusercontent.com/AtlasPA/openclaw-sentry/main/scripts/sentry.py`). This practice lacks version pinning or integrity checks, making the action highly susceptible to compromise if any of the upstream repositories are maliciously modified. While the stated purpose and the orchestrating `scripts/scan.py` appear benign, this unverified external code execution introduces a critical risk, allowing potential future malice without direct evidence of intentional self-exploitation within this bundle.
Capability Assessment
Purpose & Capability
Name/description match the code: it is a GitHub Action that scans workspaces for secrets, injection, and egress patterns and only requires python3. However, the README and SKILL.md assert 'No network calls' and 'No dependencies' while action.yml downloads scanner scripts at runtime via curl from raw.githubusercontent.com. Fetching remote scanner code is not required by the action's stated purpose and is inconsistent with the claimed 'auditable, local-only' trust model.
Instruction Scope
SKILL.md and README instruct how to add the Action and state scanners run locally and are auditable. The actual runtime instructions (action.yml + scripts/scan.py) download external Python scanner scripts and then execute them. That means the action's runtime behavior extends beyond the local repo content the README promises: it executes code retrieved over the network, which can change between runs and may alter scanning behavior or exfiltrate data.
Install Mechanism
There is no installer, but action.yml explicitly uses curl to download three scripts from raw.githubusercontent.com at runtime. raw.githubusercontent.com is a well-known host (GitHub), which is better than arbitrary servers, but downloading and executing raw scripts from the network on each run is higher-risk than vendoring/pinning code. The downloads are not pinned to commit SHAs or releases (they use main branch URLs), increasing supply-chain fragility.
Credentials
The skill does not request extra credentials or unrelated environment variables. It uses standard GitHub Actions runner env vars (GITHUB_OUTPUT, GITHUB_STEP_SUMMARY) and accepts workspace and scan toggles via inputs. No SECRET/TOKEN env vars are required by the skill itself.
Persistence & Privilege
always is false; the skill does not request permanent agent presence or attempt to modify other skills. It writes only Action outputs and a job summary, and does not persist data beyond the run. The main privilege concern is runtime execution of downloaded code, not persistent elevated privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: `/install openclaw-action`
- After installation, invoke the skill by name or use `/openclaw-action`
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of openclaw-action: automated security scanning GitHub Action.
- Scans agent workspaces for exposed secrets, injection, and data exfiltration patterns on PRs and commits.
- Detects API keys, tokens, credentials, prompt/shell injections, and suspicious network calls using sentry, bastion, and egress scanners.
- Provides configurable inputs for scan scope and failure conditions (`fail-on-findings`).
- Outputs finding counts and critical issue flags for CI integration.
- Action is alert-only—does not modify code or files.
Frequently Asked Questions
What is Openclaw Action?
GitHub Action for automated security scanning of agent workspaces. Detects exposed secrets, prompt/shell injection, and data exfiltration patterns in PRs and commits. It is an AI Agent Skill for Claude Code / OpenClaw, with 800 downloads so far.
How do I install Openclaw Action?
Run "/install openclaw-action" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Openclaw Action free?
Yes, Openclaw Action is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Openclaw Action support?
Openclaw Action is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, win32).
Who created Openclaw Action?
It is built and maintained by AtlasPA (@atlaspa); the current version is v1.0.0.