← Back to Scanner

openclaw-master-skills Security Audit Report

🔭 Continuously monitored by ClawSecure Watchtower
Source:
SHA-256:

openclaw-master-skills is an AI agent skill, created by LeoYeAI and published at LeoYeAI/openclaw-master-skills. ClawSecure audited openclaw-master-skills across 73 files through the 3-Layer Audit Protocol covering all ten OWASP ASI Top 10 categories, assigning a security score of 0/100 (High Risk). The 44 findings concentrate in Data Exfiltration, Malicious Code and Command Injection, including Environment variable access with network calls in skills/2037/cache.py,... and Multi-file exfiltration chain detected: skills/2037/cache.py,.... 19 were rated high or critical severity.

Is openclaw-master-skills safe?

ClawSecure audited openclaw-master-skills and assigned a security score of 0/100 (High Risk), identifying 44 findings across Data Exfiltration and Malicious Code. Review the findings below before installing.

What did ClawSecure find in openclaw-master-skills?

ClawSecure identified 44 findings in openclaw-master-skills, concentrated in Data Exfiltration, Malicious Code and Command Injection. 19 were rated high or critical severity. The most severe include Environment variable access with network calls in skills/2037/cache.py,... and Multi-file exfiltration chain detected: skills/2037/cache.py,....

How was openclaw-master-skills audited?

ClawSecure ran openclaw-master-skills through its 3-Layer Audit Protocol with full OWASP ASI Top 10 coverage, scanning 73 files from LeoYeAI/openclaw-master-skills.

What does a score of 0 mean?

ClawSecure assigned openclaw-master-skills a security score of 0/100, placing it in the High Risk range. This is driven by 44 findings led by Data Exfiltration that should be addressed before use. ClawSecure derives this score with a weighted deduction model (critical -20, high -10, medium -5, low -2 from a base of 100).

Audit Findings for openclaw-master-skills

ClawSecure detected 44 security findings in openclaw-master-skills, spanning Data Exfiltration, Malicious Code, Command Injection and Obfuscation.

Showing the 12 highest-severity of 44 findings. The full interactive list appears below.

3-Layer Audit Protocol

Security Recommendations for openclaw-master-skills

Audit external network connections
openclaw-master-skills sends data to external endpoints. Confirm each destination is expected and authorized, and remove any callback that exfiltrates data. ClawSecure monitors for known exfiltration and C2 endpoints.
Harden command execution
openclaw-master-skills constructs or runs system commands. Validate that commands are built only from trusted inputs, never pass user-controlled strings directly to a shell, and restrict execution to an allow-list of expected commands.
Review obfuscated or hidden code
openclaw-master-skills contains obfuscated or hidden content that resists review. Inspect encoded, minified or hidden files to confirm they are not concealing unexpected behavior before installing.

Related Security Research

ClawHavoc Explained: The Malware Family Targeting AI AgentsBeyond Static Scans: Why ClawSecure Verifies Agentic Intent

Related AI Agent Security Audits

capability-evolverScore 0/100capability-evolverScore 0/10062ac696296b54aadScore 0/1006bc837afc1a86e89Score 0/100understand-anythingScore 0/100

Scanned on June 1, 2026. openclaw-master-skills is one of thousands of agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.

Start Your Free Scan