← Back to Scanner

keep Security Audit Report

🔭 Continuously monitored by ClawSecure Watchtower
Source:
SHA-256:

keep is an AI agent skill, created by hughpyle and published at openclaw/skills. ClawSecure audited keep across 50 files through the 3-Layer Audit Protocol covering all ten OWASP ASI Top 10 categories, assigning a security score of 0/100 (High Risk). The 20 findings concentrate in Data Exfiltration, Social Engineering and Policy Violation, including Pattern detected: requests.post( and Pattern detected: requests.post(. 8 were rated high or critical severity.

Is keep safe?

ClawSecure audited keep and assigned a security score of 0/100 (High Risk), identifying 20 findings across Data Exfiltration and Social Engineering. Review the findings below before installing.

What did ClawSecure find in keep?

ClawSecure identified 20 findings in keep, concentrated in Data Exfiltration, Social Engineering and Policy Violation. 8 were rated high or critical severity. The most severe include Pattern detected: requests.post( and Pattern detected: requests.post(.

How was keep audited?

ClawSecure ran keep through its 3-Layer Audit Protocol with full OWASP ASI Top 10 coverage, scanning 50 files from openclaw/skills.

What does a score of 0 mean?

ClawSecure assigned keep a security score of 0/100, placing it in the High Risk range. This is driven by 20 findings led by Data Exfiltration that should be addressed before use. ClawSecure derives this score with a weighted deduction model (critical -20, high -10, medium -5, low -2 from a base of 100).

Audit Findings for keep

ClawSecure detected 20 security findings in keep, spanning Data Exfiltration, Social Engineering, Policy Violation and Unauthorized Tool Use.

Showing the 12 highest-severity of 20 findings. The full interactive list appears below.

3-Layer Audit Protocol

Security Recommendations for keep

Audit external network connections
keep sends data to external endpoints. Confirm each destination is expected and authorized, and remove any callback that exfiltrates data. ClawSecure monitors for known exfiltration and C2 endpoints.
Resolve policy violations
keep trips ClawSecure policy checks. Review each flagged pattern against your security policy and remediate or document an accepted exception before production use.
Investigate prompt injection vectors
Prompt injection is one of the most critical threats to AI agents. Attackers can embed malicious instructions in content the agent processes, causing unintended actions. Review every point where keep processes external content and add input validation and output filtering.

Related Security Research

ClawHavoc Explained: The Malware Family Targeting AI AgentsBeyond Static Scans: Why ClawSecure Verifies Agentic Intent

Related AI Agent Security Audits

6bc837afc1a86e89Score 0/100understand-anythingScore 0/100memory-lancedb-proScore 0/10062ac696296b54aadScore 0/100gstackScore 0/100

Scanned on February 7, 2026. keep is one of thousands of agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.

Start Your Free Scan