Security Guardian

Automated security auditing for OpenClaw projects. Scans for hardcoded secrets (API keys, tokens) and container vulnerabilities (CVEs) using Trivy. Provides...

What to consider before installing: - Code review: The packaged scripts are small and readable; review them yourself before running. The skill has no homepage or provenance, which lowers trust — prefer skills with verified sources. - Run scope: Use the tool only on intended project workspace paths. The secret scanner blocks system roots by default; avoid using --force unless you explicitly intend to scan system directories. - Handling findings: Treat any reported secrets as sensitive. Do not paste findings (secret values) into public channels. Use a vetted credential manager (review the mema-vault skill) to rotate and vault secrets rather than storing them in plain text. - Environment: Trivy may download vulnerability DB updates during scans; run it in an environment where network access and telemetry are acceptable. Consider running scans in an isolated environment if you have high security requirements. - False positives & limitations: The regex patterns can generate false positives and may miss obfuscated secrets; use findings as actionable leads, not absolute truth. - If you need higher assurance: ask the skill author for provenance (repo/homepage, signed release) or reimplement equivalent checks from known tools. If you will integrate with an external vault, validate that integration code and do not give vault credentials to untrusted skills.

Type: OpenClaw Skill Name: security-guardian Version: 1.1.0 The skill is classified as suspicious due to a shell injection vulnerability in `scripts/scan_container.sh`. The script directly passes the `$IMAGE_NAME` argument to the `trivy` command without proper sanitization or quoting, allowing for potential arbitrary command execution if a malicious image name is provided (e.g., `myimage; rm -rf /`). While the skill's stated purpose of security auditing is benign, this critical vulnerability allows for exploitation by a malicious actor controlling the input. Other files (`SKILL.md`, `scripts/scan_secrets.py`) appear benign and well-intentioned, with `scan_secrets.py` even including good security guardrails against scanning dangerous system paths.