OpenClaw Security Suite

by xunxingyuan · GitHub · v0.2.3 · MIT-0 · cross-platform · marketplace flag: ⚠ suspicious
363 downloads · 0 stars · 0 active installs · 4 versions
Install in OpenClaw: /install openclaw-security-suite
Description
Comprehensive security suite for OpenClaw skills. Includes static scanning (AST + keywords) and AI-powered semantic behavior review to detect malicious code.
Usage Guidance
This package appears to implement what it claims (static scanning + AI review), but there are several things to consider before installing:
- Provenance: the source/homepage is unknown. Prefer packages with a known author or a public repository you can inspect.
- Node requirement mismatch: SKILL.md expects the 'node' binary; ensure your runtime provides Node and that the dependencies (the @babel packages) are installed.
- Data exposure: the 'review' action inserts full file contents into an LLM prompt (ctx.llm.generate). If your agent's LLM provider is external, any secrets or sensitive code will be sent to that provider. Only run 'review' on non-sensitive code, or ensure the LLM provider and contract are acceptable.
- Sandboxing limits: vm_runner.ts uses Node's node:vm, which is NOT a hardened sandbox for running untrusted code. The README notes they replaced vm2 with node:vm; that reduces guarantees against sandbox escapes. Do not use this skill to execute untrusted code expecting strong isolation.
- Path scope: scanSkill reads all .ts/.js files in the provided directory. Don't point it at system or secrets directories (e.g., /, your home directory, or /etc).
- Auditing: before granting access, inspect the package source yourself (or in an isolated environment), verify the package.json dependencies, and consider running scans in an isolated VM or container. Ask the author for a repository or signed releases if you need higher assurance.
What would change my assessment to 'benign': an authoritative source/repo with history; clearer SKILL metadata (node requirement); removal or explicit limitation of sending full file contents to external LLMs (or an opt-in with a clear warning); and a safer, documented sandboxing strategy (or avoiding execution entirely).
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-security-suite
Version: 0.2.3
The skill provides security scanning and AI-assisted code review but exhibits high-risk behavior: the 'path' parameter in index.ts grants arbitrary file system access without sanitization. While this is aligned with its stated purpose, it could be exploited to read sensitive files (e.g., .env, /etc/passwd). Additionally, the bundle includes an insecure Node.js VM sandbox (scanner/vm_runner.ts) and a runtime guard (guard/runtime_guard.ts) that are defined but not integrated into the main execution flow, which is atypical for a production-ready security tool.
Capability Assessment
Purpose & Capability
The code and SKILL.md align with the described purpose: AST scanning, keyword scanning, an LLM-based review, and some runtime guards. Small inconsistencies: SKILL.md lists 'node' as a required binary while the registry metadata lists none; the README and changelog claim a VM sandbox feature, but the runtime code does not use the vm runner (vm_runner.ts exists but is never invoked by the scanner). package.json declares @babel/parser and @babel/traverse as dependencies, which are expected for AST scanning.
Instruction Scope
The skill accepts a path and reads every .ts/.js file under it, so it can read any files the agent user points it at (expected for a scanner, but a data-exposure risk when run on sensitive directories). The AI review embeds the full file contents into a prompt and calls ctx.llm.generate, which sends the raw code, including any secrets inside it, to the LLM provider; that is a clear data-exfiltration risk if the LLM is external. vm_runner.ts uses node:vm.runInContext and the README touts sandboxing, but node:vm is not a security boundary for untrusted code, and the project explicitly removed vm2; that change reduces rather than increases the guarantees. Finally, ai_review forwards the raw LLM output without JSON validation or parsing, which is brittle and can be steered by whatever the scanned files contain, since those contents are part of the prompt.
Install Mechanism
There is no install spec (no remote downloads, no install script), which reduces supply-chain risk. However, package.json declares npm dependencies (@babel/parser and @babel/traverse) that must be installed to run the scanner; both are public npm packages and expected for AST parsing. No obscure URLs or archive downloads are used.
Credentials
The skill does not request environment variables, credentials, or config paths. It flags process.env and sensitive file paths in its patterns (appropriate for scanning), but it does not itself require secrets. This is proportionate to its stated purpose.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. disable-model-invocation is false (normal), so the agent can invoke the skill autonomously; that is expected for a skill of this type, but autonomous invocation combined with the data-exposure mechanism (sending code to an LLM) increases the blast radius.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-security-suite
  3. After installation, invoke the skill by name or use /openclaw-security-suite
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.2.3
Release version 0.2.3
v0.2.2
Release version 0.2.2
v0.2.1
Consolidate into openclaw-security-suite
v0.2.0
Consolidate into openclaw-security-suite
Metadata
Slug openclaw-security-suite
Version 0.2.3
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 4
Frequently Asked Questions

What is OpenClaw Security Suite?

Comprehensive security suite for OpenClaw skills. Includes static scanning (AST + keywords) and AI-powered semantic behavior review to detect malicious code. It is an AI Agent Skill for Claude Code / OpenClaw, with 363 downloads so far.

How do I install OpenClaw Security Suite?

Run "/install openclaw-security-suite" in the OpenClaw or Claude Code chat; the marketplace performs the install in one step. Note that the skill itself needs a Node runtime and its @babel dependencies at run time (see Usage Guidance).

Is OpenClaw Security Suite free?

Yes, OpenClaw Security Suite is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does OpenClaw Security Suite support?

OpenClaw Security Suite is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created OpenClaw Security Suite?

It is built and maintained by xunxingyuan (@xunxingyuan); the current version is v0.2.3.