HomeScanBlogRegistryMarketplace🔍 Scan a Skill
← Back to Scanner

sequence-cli Security Audit Report

🔭 Continuously monitored by ClawSecure Watchtower
Source:
SHA-256:

sequence-cli is a Other skill for the OpenClaw ecosystem, created by jameslawton. ClawSecure audited this skill through our 3-Layer Audit Protocol covering all 10 OWASP ASI Top 10 categories. This skill received a security score of 75/100, indicating moderate risk areas that should be addressed. The audit identified 3 findings across the scan's three security layers.

What does a score of 75 mean?

A security score of 75/100 places this skill in the Medium Risk range. Skills in this range have identifiable security concerns that may need remediation before production use. Review the findings below and consider the specific recommendations provided. ClawSecure calculates scores using a weighted deduction model: critical findings deduct 20 points, high-severity findings deduct 10, medium-severity 5, and low-severity 2. A perfect score of 100 means no findings were detected across all three audit layers.

3-Layer Audit Protocol

Security Recommendations for sequence-cli

Pin npm dependencies to exact versions
Unpinned dependencies allow supply chain attacks where a compromised package version is automatically pulled into your skill. Use exact version numbers in package.json (e.g., 1.2.3 instead of ^1.2.3) to prevent unauthorized code from entering your dependency tree. ClawSecure's supply chain scanning checks every dependency against known CVE databases.
Add a config.json permissions manifest
A config.json file declares what permissions your OpenClaw skill needs — file system access, network requests, shell execution, and more. Without it, users have no visibility into what your skill can do before installing. Adding a permissions manifest is the single most impactful security improvement for any OpenClaw skill.
Investigate prompt injection vectors
Prompt injection is one of the most critical threats to AI agent skills. Attackers can embed malicious instructions in content that your skill processes, causing it to take unintended actions. Review all points where your skill processes external content and implement input validation and output filtering.
Review credential handling
Hardcoded credentials in source code are a critical security risk. API keys, tokens, and passwords should never appear in skill files. Use environment variables or secure credential storage instead. If credentials have been committed to a public repository, rotate them immediately — they should be considered compromised.

Related OpenClaw Security Research

The Sleeper Agent Problem: Why Post-Install Behavior MattersSecuring the OpenClaw Ecosystem: Your Complete Guide

Related Other Security Audits

ClawSecScore 65/10059846945e8a0feecScore 65/1008ce21d32f8ead424Score 85/1002b31b6cb4c57ef0dScore 70/1002b31b6cb4c57ef0dScore 70/100

Scanned on February 7, 2026. sequence-cli is one of 2,890+ agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.

🔍 Scan Another Agent