riskpulse is a Other skill for the OpenClaw ecosystem. ClawSecure audited this skill through our 3-Layer Audit Protocol covering all 10 OWASP ASI Top 10 categories. This skill received a security score of 91/100, qualifying for ClawSecure Verified status. The audit identified 9 findings, with issues detected across multiple security layers.
3-Layer Audit Protocol
Security Recommendations for riskpulse
Pin npm dependencies to exact versions
Unpinned dependencies allow supply chain attacks where a compromised package version is automatically pulled into your skill. Use exact version numbers in package.json (e.g.,
1.2.3 instead of ^1.2.3) to prevent unauthorized code from entering your dependency tree. ClawSecure's supply chain scanning checks every dependency against known CVE databases.Add a config.json permissions manifest
A config.json file declares what permissions your OpenClaw skill needs — file system access, network requests, shell execution, and more. Without it, users have no visibility into what your skill can do before installing. Adding a permissions manifest is the single most impactful security improvement for any OpenClaw skill.
Update vulnerable dependencies
This skill has dependencies with known security vulnerabilities (CVEs). Update affected packages to their latest patched versions. Run
npm audit locally to see the full dependency tree and use npm audit fix to automatically resolve compatible updates. ClawSecure's Watchtower will re-scan this skill automatically when the code changes.Related OpenClaw Security Research
Beyond Static Scans: The Case for Runtime Integrity→How to Verify Any OpenClaw Skill in 30 Seconds→Related Other Security Audits
Scanned on February 18, 2026. riskpulse is one of 2,890+ agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.