
Clawned - Protect your OpenClaw Instance and Scan Skills

By jenish-sojitra · GitHub ↗ · v1.3.5
cross-platform ⚠ suspicious
Total downloads: 548
Favorites: 2
Current installs: 1
Versions: 3
Install in OpenClaw
/install clawned
Description
Security agent that inventories installed OpenClaw skills, analyzes them for threats, and syncs results to your Clawned dashboard.
Usage (SKILL.md)

Clawned — Security Agent for OpenClaw

Automatically discovers all installed skills, analyzes them for security threats, and syncs results to your Clawned dashboard.

Setup

Configure your API key in openclaw.json:

{
  "skills": {
    "entries": {
      "clawned": {
        "enabled": true,
        "env": {
          "CLAWNED_API_KEY": "cg_your_api_key_here",
          "CLAWNED_SERVER": "https://api.clawned.io"
        }
      }
    }
  }
}

Commands

Sync all installed skills to dashboard

python3 {baseDir}/scripts/agent.py sync

Scan a single skill locally

python3 {baseDir}/scripts/agent.py scan --path <skill-directory>

List all discovered skills

python3 {baseDir}/scripts/agent.py inventory

Check agent status

python3 {baseDir}/scripts/agent.py status

Data & Privacy

During sync (default operation):

  • Sends only skill metadata: name, owner, slug, version
  • No file contents are uploaded
  • No .env files or secrets are ever read

During scan --path (explicit user action only):

  • Reads source files (.md, .py, .js, etc.) from the specified skill directory for analysis
  • .env files are excluded from scanning
  • File contents are sent to the Clawned server for security analysis

Local config access:

  • Reads ~/.openclaw/openclaw.json only to locate skill directories (extraDirs paths)
  • No credentials or secrets are read from config files

Automatic Sync

Schedule every 6 hours via OpenClaw cron:

{
  "jobs": [
    {
      "schedule": "0 */6 * * *",
      "command": "Run clawned sync to check all installed skills",
      "description": "Security scan every 6 hours"
    }
  ]
}
Security usage recommendations
This skill mostly implements a legitimate scanning/metadata-syncing agent, but there are important mismatches and privacy implications you should consider before installing:

  • Do not put your CLAWNED_API_KEY into ~/.openclaw/openclaw.json just because the SKILL.md example shows it. The shipped agent reads the API key from the environment (CLAWNED_API_KEY). Storing secrets in openclaw.json may expose them to other local processes or backups.
  • The agent does load ~/.openclaw/openclaw.json to find extraDirs. That is reasonable for discovering skill locations, but be aware that openclaw.json often contains other service API keys or tokens — keep secrets out of that file or audit its contents first.
  • 'sync' only sends metadata according to the SKILL.md and agent code, but 'scan --path' will read and upload file contents from a skill directory (explicit user action). Before running a scan, review which files will be collected (SCANNABLE_EXTS and limits: up to 30 files, 512KB each) so you don't inadvertently upload sensitive files. .env files are intentionally skipped by the agent, but secrets embedded in other files (JSON, YAML, .py, etc.) would be included.
  • Verify you trust the remote server (CLAWNED_SERVER / api.clawned.io) before supplying an API key. If you have a private Clawned deployment, set CLAWNED_SERVER to your trusted endpoint.
  • If you want to be cautious: run the agent manually in an isolated environment first (or with a read-only mount of skill directories), inspect the code, and avoid enabling automated cron syncs until you are comfortable with what is being sent.
  • The primary concrete inconsistencies to resolve with the publisher are: (1) whether the agent expects the API key in env vs openclaw.json, and (2) the SKILL.md statement that config files contain no credentials (which is not guaranteed). If the publisher can't clarify these, treat the skill as higher-risk.
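A dry-run preview of what `scan --path` could collect, added here as an example; it is not the Clawned agent's code. The extension set, the walk order and the skipping of oversized files are assumptions (the page states only the 30-file and 512KB limits and that .env files are skipped), and the secret pattern is a heuristic chosen for this example.

```python
import os
import re
import tempfile

# Assumed stand-in for the agent's SCANNABLE_EXTS: the page gives the limits
# (30 files, 512KB each) but not the extension list or the walk order.
ASSUMED_EXTS = {".md", ".py", ".js", ".json", ".yaml", ".yml"}
MAX_FILES, MAX_BYTES = 30, 512 * 1024

# Heuristic for credentials embedded in otherwise ordinary files.
SECRET_RE = re.compile(
    r"(?i)(api[_-]?key|secret|token|passw(or)?d)\s*[\"']?\s*[:=]\s*[\"']?[^\s\"']{8,}"
    r"|-----BEGIN [A-Z ]*PRIVATE KEY-----"
)

def preview_scan(skill_dir):
    """Return (would_upload, flagged) as lists of paths relative to skill_dir."""
    would_upload, flagged = [], []
    for root, dirs, files in os.walk(skill_dir):
        dirs.sort()  # deterministic order (assumption, not the agent's order)
        for name in sorted(files):
            path = os.path.join(root, name)
            if name == ".env" or name.startswith(".env."):
                continue  # .env is skipped per the page; variants treated alike here
            if os.path.splitext(name)[1].lower() not in ASSUMED_EXTS:
                continue
            if os.path.getsize(path) > MAX_BYTES:
                continue  # assumption: oversized files are skipped
            if len(would_upload) >= MAX_FILES:
                return would_upload, flagged
            rel = os.path.relpath(path, skill_dir)
            would_upload.append(rel)
            with open(path, encoding="utf-8", errors="replace") as fh:
                if SECRET_RE.search(fh.read()):
                    flagged.append(rel)
    return would_upload, flagged

def demo():
    """Preview a constructed skill directory (all file contents are made up)."""
    samples = {"SKILL.md": "# demo skill\n", "main.py": "print('hello')\n",
               "config.yaml": "api_key: cg_constructed_sample_value\n",
               ".env": "CLAWNED_API_KEY=cg_constructed\n", "logo.png": "x\n"}
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            with open(os.path.join(d, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return preview_scan(d)

if __name__ == "__main__":
    print(demo())
```

Any path in the second list is a file to clean up or exclude before running the real scan.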
Functional analysis
Type: OpenClaw Skill
Name: clawned
Version: 1.3.5
The OpenClaw AgentSkills bundle 'clawned' is classified as benign. Its core functionality involves discovering installed skills, syncing their metadata to `api.clawned.io`, and optionally uploading skill source code for security analysis upon explicit user command (`scan --path`). The `SKILL.md` documentation clearly outlines data handling, specifying that file contents are only uploaded during an explicit `scan` action, and `.env` files/secrets are excluded from scanning. The `scripts/agent.py` code aligns with these claims, showing no evidence of unauthorized credential harvesting (e.g., `~/.ssh`, `~/.aws`), bulk environment variable exfiltration, malicious execution, persistence beyond its stated monitoring purpose, or prompt injection attempts in the markdown instructions. All network communication and file access are consistent with its stated purpose as a security agent.
Capability assessment
Purpose & Capability
The declared purpose (discover skills, analyze, sync to Clawned) matches the single required binary (python3) and a CLAWNED_API_KEY credential. Requesting a single API key is proportionate to the stated purpose. However the SKILL.md instructs the user to place the API key in openclaw.json while the runtime code reads the API key from the environment (os.getenv). That mismatch is an operational/instructional inconsistency.
Instruction Scope
SKILL.md repeatedly asserts that no credentials/secrets are read from config files and that sync sends only metadata. The agent code does load ~/.openclaw/openclaw.json (to locate extraDirs) and reads skill metadata files. Loading openclaw.json is reasonable to find extraDirs, but that file often contains other configuration and API keys for OpenClaw — SKILL.md's blanket statement 'No credentials or secrets are read from config files' is misleading. The code also will upload full file contents when the explicit 'scan --path' command is used (per the SKILL.md), which is expected for a scanning agent but is a high-impact operation and must be explicitly authorized by the user.
Install Mechanism
There is no install spec (instruction-only plus a Python script included). No remote downloads or package managers are invoked by the bundled code. This is lower risk than skills that fetch and execute remote code at install time.
Credentials
Only CLAWNED_API_KEY (and optional CLAWNED_SERVER) are required — that's reasonable. But SKILL.md instructs users to put the API key into openclaw.json under a skill entry, while the runtime code expects an environment variable. Because the agent loads openclaw.json to discover skill directories, a user following SKILL.md's guidance could inadvertently store their API key in openclaw.json (exposing it to other code or processes) even though the agent will ignore it. The agent does not request unrelated credentials, but reading openclaw.json is sensitive because it may contain other secrets for the host.
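One way to audit openclaw.json before a tool reads it, as an added example that is not part of the skill or of OpenClaw. The key-name pattern is a heuristic chosen here, the sample config is constructed from the SKILL.md setup snippet, and the permission check assumes POSIX mode bits.

```python
import json
import os
import re
import stat
import tempfile

# Key names that usually carry credentials (heuristic chosen for this example).
SECRET_KEY_RE = re.compile(r"(?i)api[_-]?key|secret|token|passw(or)?d|credential")

def find_secret_paths(node, path="$"):
    """Return JSON paths of non-empty strings stored under secret-looking keys.
    Only paths are reported, never the values themselves."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if isinstance(value, str) and value and SECRET_KEY_RE.search(key):
                hits.append(child)
            else:
                hits.extend(find_secret_paths(value, child))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits.extend(find_secret_paths(value, f"{path}[{i}]"))
    return hits

def audit_config(config_path):
    """Return (secret_paths, readable_by_others) for an openclaw.json file."""
    with open(config_path, encoding="utf-8") as fh:
        config = json.load(fh)
    mode = os.stat(config_path).st_mode
    # POSIX permission bits; on Windows this check is not meaningful.
    readable_by_others = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
    return find_secret_paths(config), readable_by_others

def demo():
    """Audit a constructed config shaped like the SKILL.md setup example."""
    sample = {"skills": {"entries": {"clawned": {"enabled": True, "env": {
        "CLAWNED_API_KEY": "cg_constructed_value",
        "CLAWNED_SERVER": "https://api.clawned.io"}}}}}
    fd, path = tempfile.mkstemp(suffix=".json")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)  # common default that lets other local users read
        return audit_config(path)
    finally:
        os.remove(path)

if __name__ == "__main__":
    print(demo())
```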
Persistence & Privilege
The skill creates state/pid/log files under ~/.openclaw, registers an agent id with the server, and the SKILL.md suggests scheduling automatic syncs (OpenClaw cron). It does not request 'always: true' or system-level privileges. These behaviors are typical for a monitoring agent, but persistent scheduled syncing combined with the ability to upload file contents (via explicit scan) increases the blast radius if you trust the remote server.
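How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install clawned
  3. Once installed, invoke the Skill by name or trigger it with /clawned
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history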
v1.3.5
  • Removed detection-patterns.md and threat-model.md files.
  • No changes to user-facing commands or documentation.
v1.3.4
  • Added documentation: detection-patterns.md and threat-model.md files.
  • Improved privacy and data transparency section in documentation.
  • Clarified required and optional environment variables in metadata.
  • Updated homepage URL to clawned.io.
  • Removed unused scripts/scan.py file.
v1.3.3
Scan skills and report back to Dashboard
  • Improved SKILL.md with detailed setup instructions, usage commands, and scheduling examples.
  • Clarified agent features: skill inventory, security analysis, and dashboard syncing.
  • Added command-line usage for syncing, scanning, listing, and status checks.
  • Included instructions for secure API key configuration and automated scheduled scans.
Metadata
Slug: clawned
Version: 1.3.5
License:
Total installs: 1
Current installs: 1
Historical versions: 3
FAQ

What is Clawned - Protect your OpenClaw Instance and Scan Skills?

Security agent that inventories installed OpenClaw skills, analyzes them for threats, and syncs results to your Clawned dashboard. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 548 total downloads to date.

How do I install Clawned - Protect your OpenClaw Instance and Scan Skills?

Run the command "/install clawned" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Clawned - Protect your OpenClaw Instance and Scan Skills free?

Yes, Clawned - Protect your OpenClaw Instance and Scan Skills is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Clawned - Protect your OpenClaw Instance and Scan Skills support?

Clawned - Protect your OpenClaw Instance and Scan Skills runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Clawned - Protect your OpenClaw Instance and Scan Skills?

It is developed and maintained by jenish-sojitra (@jenish-sojitra); the current version is v1.3.5.
