← Back to Scanner

openclaw-master-skills Security Audit Report

🔭 Continuously monitored by ClawSecure Watchtower
Source:
SHA-256:

openclaw-master-skills is an AI agent skill, created by LeoYeAI and published at LeoYeAI/openclaw-master-skills. ClawSecure audited openclaw-master-skills across 71 files through the 3-Layer Audit Protocol covering all ten OWASP ASI Top 10 categories, assigning a security score of 24/100 (High Risk). The 13 findings concentrate in Obfuscation, Command Injection and Malicious Code, including File 'skills/adwords/scripts/copy.sh' contains characters from mixed... and Attempts to access sensitive file: MEMORY.md. 5 were rated high or critical severity.

Is openclaw-master-skills safe?

ClawSecure audited openclaw-master-skills and assigned a security score of 24/100 (High Risk), identifying 13 findings across Obfuscation and Command Injection. Review the findings below before installing.

What did ClawSecure find in openclaw-master-skills?

ClawSecure identified 13 findings in openclaw-master-skills, concentrated in Obfuscation, Command Injection and Malicious Code. 5 were rated high or critical severity. The most severe include File 'skills/adwords/scripts/copy.sh' contains characters from mixed... and Attempts to access sensitive file: MEMORY.md.

How was openclaw-master-skills audited?

ClawSecure ran openclaw-master-skills through its 3-Layer Audit Protocol with full OWASP ASI Top 10 coverage, scanning 71 files from LeoYeAI/openclaw-master-skills.

What does a score of 24 mean?

ClawSecure assigned openclaw-master-skills a security score of 24/100, placing it in the High Risk range. This is driven by 13 findings led by Obfuscation that should be addressed before use. ClawSecure derives this score with a weighted deduction model (critical -20, high -10, medium -5, low -2 from a base of 100).

Audit Findings for openclaw-master-skills

ClawSecure detected 13 security findings in openclaw-master-skills, spanning Obfuscation, Command Injection, Malicious Code and Code Injection.

Showing the 12 highest-severity of 13 findings. The full interactive list appears below.

3-Layer Audit Protocol

Security Recommendations for openclaw-master-skills

Review obfuscated or hidden code
openclaw-master-skills contains obfuscated or hidden content that resists review. Inspect encoded, minified or hidden files to confirm they are not concealing unexpected behavior before installing.
Harden command execution
openclaw-master-skills constructs or runs system commands. Validate that commands are built only from trusted inputs, never pass user-controlled strings directly to a shell, and restrict execution to an allow-list of expected commands.
Audit external network connections
openclaw-master-skills connects to external endpoints. Verify every outbound connection goes to a trusted destination. Unauthorized callbacks are a primary indicator of ClawHavoc malware and data exfiltration. ClawSecure's proprietary engine monitors for known malicious endpoints including C2 infrastructure.

Related Security Research

Why Generic Scanners Fail at AI Agent SecurityBeyond Static Scans: Why ClawSecure Verifies Agentic Intent

Related AI Agent Security Audits

9c0a7c48db776b22Score 25/1009c0a7c48db776b22Score 25/1009c0a7c48db776b22Score 25/100mission-controlScore 33/100mission-controlScore 33/100

Scanned on April 20, 2026. openclaw-master-skills is one of thousands of agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.

Start Your Free Scan