OpenClaw Policy Check

Scan repositories for risky security patterns before execution. Use when users ask for a quick preflight security check, policy enforcement scan, suspicious code triage, or detection of unsafe commands, secret leakage, and dangerous shell behavior.

This skill is coherent: it runs a local regex-based scan and prints findings. Before installing or running it, consider: (1) it reads repository files (including any secrets present) and will print snippets to stdout — run it on sensitive repos in a secure or isolated environment if you are worried about logs or agent transcripts; (2) the scanner is rule-based and may produce false positives/negatives—review the rules if you need tuned behavior; (3) because it prints detected snippets, do not forward its raw output to untrusted destinations; and (4) if you want to be extra cautious, inspect scripts/policy_check.py yourself (it is short and contains no network or write-side effects).

Type: OpenClaw Skill Name: openclaw-policy-check Version: 1.0.0 The OpenClaw Policy Check skill is designed as a security scanner to detect risky patterns in code and scripts. The `scripts/policy_check.py` script uses regular expressions to identify common vulnerabilities and potentially malicious constructs (e.g., `curl|sh`, `rm -rf /`, `shell=True` in Python, hardcoded secrets, exfiltration endpoints). The script itself does not perform any malicious actions like data exfiltration, unauthorized execution, or persistence. It only reads specified files and reports findings. The `SKILL.md` instructions guide the AI agent to run the scan and report results, without any evidence of prompt injection attempting to subvert the agent's intended behavior for harmful purposes. All identified high-risk patterns are for detection, not execution by the skill itself.