openclawselfguard

Monitors local OpenClaw version daily at 06:00 Beijing time against NVD and GitHub advisories, reporting found CVEs with remediation steps.

This skill appears to do what it says: detect the local OpenClaw version, query NVD and GitHub, and schedule daily checks. Before installing or running it: 1) Inspect and (if desired) run the scripts manually to verify behavior (python3 scripts/get_version.py --json and python3 scripts/check_vulns.py --json). 2) Review and approve the cron/job entry that setup_cron.sh will write to ~/.openclaw/cron/jobs.json (the script backs up existing file). 3) Do not pass a delivery channel to setup_cron.sh unless you trust the configured channel — by default it is console only; enabling a channel may cause the report (including local version info and any findings) to be sent externally. 4) Be aware of bugs: fetch_github.py has a coding error (an undefined 'undefined' usage in params) and version-range checking in check_vulns.py is simplistic; these may make the tool fail or produce false negatives/positives. If you want to use it, consider fixing those issues or running checks manually and verifying outputs before relying on the cron automation.

Type: OpenClaw Skill Name: openclaw-self-guard Version: 1.0.1 The skill is a security monitoring tool that checks for OpenClaw vulnerabilities using NVD and GitHub APIs. It performs high-risk actions including automated persistence by modifying the OpenClaw cron configuration (~/.openclaw/cron/jobs.json), executing local shell commands for version detection (openclaw --version), and making external network requests to services.nvd.nist.gov and api.github.com. While these capabilities are aligned with the stated purpose, the combination of automated system modification and logic flaws—such as a broken version comparison in check_vulns.py and a NameError (undefined variable) in fetch_github.py—warrants a suspicious classification under the provided criteria.