aliyun-clawscan
Analyzes the security posture of a user's OpenClaw environment and installed skills. Use when a user is about to install a new skill and wants to verify its safety, has concerns about the behavior of an existing skill, or needs a comprehensive security check of their entire OpenClaw setup. Helpful for users performing a security audit, investigating a suspicious skill, or needing to assess configuration risks and potential vulnerabilities before proceeding with installations.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/aliyun-ai-sec/aliyun-clawscan
What This Skill Does
aliyun-clawscan acts as a specialized security diagnostic tool for the OpenClaw ecosystem, developed by Alibaba Cloud. It performs a dual-layered security assessment: first, it executes a comprehensive configuration audit of your OpenClaw environment, checking for misconfigurations in network settings, gateway access, and system permissions. Second, it performs a deep static analysis of all installed skills, flagging malicious patterns such as reverse shells, credential harvesting, unauthorized data exfiltration, or cryptomining activities. The skill provides a structured report that identifies potential vulnerabilities based on 11 distinct risk categories, ensuring your environment remains hardened against emerging threats.
Installation
To install this security tool, run the following command in your terminal:
clawhub install openclaw/skills/skills/aliyun-ai-sec/aliyun-clawscan
Ensure you are running the latest version of OpenClaw to support the deep inspection commands utilized by this skill.
Use Cases
- Pre-Installation Verification: Scans a new skill before you fully integrate it into your workflow to ensure it doesn't contain hidden backdoors.
- Periodic Security Audits: Use this as a scheduled health check to ensure your environment configurations haven't drifted from established security baselines.
- Incident Investigation: If your system is behaving sluggishly or showing unauthorized network traffic, use this skill to audit installed packages for persistence mechanisms or malicious services.
- Configuration Hardening: Identifies specific OpenClaw configuration risks that might expose your local files or network tools to unauthorized access.
Example Prompts
- "Perform a full security audit of my OpenClaw setup and check if any installed skills are behaving suspiciously."
- "I'm about to install a new web scraper skill. Can you scan it for potential vulnerabilities or data exfiltration risks before I proceed?"
- "Run a deep configuration audit and list any settings that violate the recommended security baseline."
Tips & Limitations
- Static Analysis Depth: While the static analysis is highly effective at catching known malicious signatures, it should not replace proactive network monitoring.
- Environment Consistency: Ensure that openclaw core utilities are updated to the latest version, as the scanning accuracy depends on the underlying security audit command capabilities.
- Risk Thresholds: Always review 'Medium' risk warnings, as they may refer to legitimate skills requiring elevated permissions that might otherwise trigger false positives.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-aliyun-ai-sec-aliyun-clawscan": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags(AI)
Flags: file-read, code-execution