← Back to Scanner

env-healer Security Audit Report

🔭 Continuously monitored by ClawSecure Watchtower
Source:
SHA-256:

env-healer is an AI agent skill. ClawSecure audited env-healer across 1 file through the 3-Layer Audit Protocol covering all ten OWASP ASI Top 10 categories, assigning a security score of 80/100 (Safe). The 4 findings concentrate in Code Injection, Obfuscation and Permissions Manifest, including Potentially dangerous code pattern detected: base64.*decode and File 'SKILL.md' extension (.md) suggests one format but…. 1 was rated high or critical severity.

Is env-healer safe?

ClawSecure audited env-healer and assigned a security score of 80/100 (Safe), identifying 4 findings across Code Injection and Obfuscation. Review the findings below before installing.

What did ClawSecure find in env-healer?

ClawSecure identified 4 findings in env-healer, concentrated in Code Injection, Obfuscation and Permissions Manifest. 1 was rated high or critical severity. The most severe include Potentially dangerous code pattern detected: base64.*decode and File 'SKILL.md' extension (.md) suggests one format but….

How was env-healer audited?

ClawSecure ran env-healer through its 3-Layer Audit Protocol with full OWASP ASI Top 10 coverage, scanning 1 file.

What does a score of 80 mean?

ClawSecure assigned env-healer a security score of 80/100, placing it in the Safe range. Scores of 80 or above qualify for ClawSecure Verified status, though 1 finding was rated high or critical and warrants review. ClawSecure derives this score with a weighted deduction model (critical -20, high -10, medium -5, low -2 from a base of 100).

Audit Findings for env-healer

ClawSecure detected 4 security findings in env-healer, spanning Code Injection, Obfuscation, Permissions Manifest and Policy Violation.

Each finding is expandable in the interactive list below.

3-Layer Audit Protocol

Security Recommendations for env-healer

Eliminate dynamic code execution
env-healer evaluates code at runtime (for example eval or dynamic exec). Remove dynamic evaluation of untrusted input, and where code generation is unavoidable, sandbox it and validate every input.
Review obfuscated or hidden code
env-healer contains obfuscated or hidden content that resists review. Inspect encoded, minified or hidden files to confirm they are not concealing unexpected behavior before installing.
Add a config.json permissions manifest
A config.json file declares what an agent component can access: file system, network, shell execution and more. Without it, users have no visibility into what the component can do before installing. This is the single most impactful security improvement for any AI agent skill.
Resolve policy violations
env-healer trips ClawSecure policy checks. Review each flagged pattern against your security policy and remediate or document an accepted exception before production use.

Related Security Research

Why Generic Scanners Fail at AI Agent SecurityBeyond Static Scans: Why ClawSecure Verifies Agentic IntentHow to Secure an MCP Server: The 2026 Guide

Related AI Agent Security Audits

devops-mainScore 75/100TestFilesScore 95/100devops-mainScore 75/100devops-mainScore 75/100redditScore 80/100

Scanned on April 15, 2026. env-healer is one of thousands of agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.

Start Your Free Scan