openclaw security auditor

OpenClaw Security Auditor (OSA) - Comprehensive security auditing tool for OpenClaw deployments. Provides 60-second security diagnosis, risk scoring (0-100),...

What to consider before installing or running this skill: 1) Missing dependency / ambiguous import: scripts/security_scanner.py inserts a path outside the skill and imports osa.scanner_fixed / osa.reporter / osa.models. The skill bundle does NOT include an 'osa' package or an 'openclaw-security-auditor' directory. That means the skill will either fail to run or will import code from whatever exists at that external path on the host. Do not run this on a production machine until you confirm where that dependency comes from and inspect it. 2) Inconsistent APIs and missing files: SKILL.md examples reference SecurityScanner and ReportGenerator classes and files like scripts/i18n.py and multiple reference docs that are not present in the package. The examples may not work as written. Ask the author for a clear install/run guide and for the missing files or a packaged dependency. 3) File writes to your config: The fixer script will backup and then modify your OpenClaw config file by default (unless you use --dry-run). Always make your own backup, inspect the changes, or run in a safe environment first. Review the exact modifications (_apply_*_profile functions) to ensure they match your intent. 4) No install instructions: The skill contains code but no install specification. If you want to run it, run it in an isolated sandbox (container/VM) first, and inspect any external package (osa / openclaw-security-auditor) before allowing it to run against your real configuration. 5) Recommended actions: Request the maintainer to (a) include or document the osa dependency and provide a reproducible install step, (b) fix the SKILL.md examples to match the shipped modules/functions, and (c) clarify which files are safe to run and which are placeholders. If you must try it now, run test_skill.py in a controlled environment and do not run config_fixer.py without --dry-run and manual review.

Type: OpenClaw Skill Name: openclaw-security-auditor-skill Version: 1.0.0 The skill bundle is a legitimate security auditing tool for OpenClaw deployments. It contains scripts (security_scanner.py, report_generator.py, config_fixer.py) designed to analyze configuration files, generate bilingual reports, and provide remediation steps. While config_fixer.py includes an 'aggressive' mode that disables authentication, this is clearly documented for testing purposes only. The code follows its stated purpose without evidence of data exfiltration, obfuscation, or malicious intent.