OpenClaw Arbiter
Audits installed skills to report exactly what system resources each one accesses — network, subprocess, file I/O, environment variables, and unsafe operations.
The Problem
You install skills and trust them blindly. A skill that claims to format markdown could also open network connections, execute shell commands, or read your environment variables. Nothing reports what permissions each skill actually uses.
Commands
Full Audit
Deep audit of all installed skills with line-level findings.
```bash
python3 {baseDir}/scripts/arbiter.py audit --workspace /path/to/workspace
```
Audit Single Skill
```bash
python3 {baseDir}/scripts/arbiter.py audit openclaw-warden --workspace /path/to/workspace
```
Permission Matrix
Compact table showing permission categories per skill.
```bash
python3 {baseDir}/scripts/arbiter.py report --workspace /path/to/workspace
```
Quick Status
One-line summary of permission risk.
```bash
python3 {baseDir}/scripts/arbiter.py status --workspace /path/to/workspace
```
What It Detects
| Category | Risk | Examples |
|---|---|---|
| Serialization | CRITICAL | pickle, eval(), exec(), import |
| Subprocess | HIGH | subprocess, os.system, Popen, command substitution |
| Network | HIGH | urllib, requests, curl, wget, hardcoded URLs |
| File Write | MEDIUM | open('w'), shutil.copy, os.remove, rm |
| Environment | MEDIUM | os.environ, os.getenv, os.putenv |
| Crypto | LOW | hashlib, hmac, ssl |
| File Read | LOW | open('r'), os.walk, glob |
Exit Codes
- `0` — Clean, all skills within normal bounds
- `1` — Elevated permissions detected (review needed)
- `2` — Critical permissions detected (action needed)
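The kind of static check that the detection table and exit codes above describe, as an added example that is not taken from arbiter.py: it walks a Python file's AST, maps a subset of the listed names to category and risk, and derives an exit code. The names `audit_source` and `exit_code`, and the mapping of HIGH to exit code 1 with MEDIUM and LOW mapped to 0, are assumptions.

```python
import ast

# Names come from the README's "What It Detects" table (Python subset only).
# Assumption, not arbiter.py's logic: CRITICAL -> 2, HIGH -> 1, MEDIUM/LOW -> 0.
MODULES = {
    "pickle": ("Serialization", "CRITICAL"),
    "subprocess": ("Subprocess", "HIGH"),
    "urllib": ("Network", "HIGH"),
    "requests": ("Network", "HIGH"),
    "shutil": ("File Write", "MEDIUM"),
    "hashlib": ("Crypto", "LOW"),
    "hmac": ("Crypto", "LOW"),
    "ssl": ("Crypto", "LOW"),
    "glob": ("File Read", "LOW"),
}
NAMES = {
    "eval": ("Serialization", "CRITICAL"),
    "exec": ("Serialization", "CRITICAL"),
    "os.system": ("Subprocess", "HIGH"),
    "os.remove": ("File Write", "MEDIUM"),
    "os.environ": ("Environment", "MEDIUM"),
    "os.getenv": ("Environment", "MEDIUM"),
    "os.putenv": ("Environment", "MEDIUM"),
    "os.walk": ("File Read", "LOW"),
}
EXIT = {"CRITICAL": 2, "HIGH": 1, "MEDIUM": 0, "LOW": 0}


def audit_source(source):
    """Return sorted (line, category, risk, name) findings for Python source."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names, table = [a.name.split(".")[0] for a in node.names], MODULES
        elif isinstance(node, ast.ImportFrom):
            names, table = [(node.module or "").split(".")[0]], MODULES
        elif isinstance(node, (ast.Name, ast.Attribute)):
            names, table = [ast.unparse(node)], NAMES  # e.g. "os.system"
        else:
            continue
        for name in names:
            if name in table:
                findings.add((node.lineno, *table[name], name))
    return sorted(findings)


def exit_code(findings):
    """Highest-risk finding decides the exit code; no findings means 0."""
    return max((EXIT[risk] for _, _, risk, _ in findings), default=0)
```

Name matching of this kind misses aliased imports and dynamically built calls, so a clean result only means none of the listed names appear literally.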
No External Dependencies
Python standard library only. No pip install. No network calls. Everything runs locally.
Cross-Platform
Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.
OpenClaw Arbiter
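Audits installed skills to report exactly what system resources each one accesses: network, subprocess, file I/O, environment variables, and unsafe operations.
The Problem
You install skills and trust them blindly. A skill that claims to format Markdown could also open network connections, execute shell commands, or read your environment variables. No tool reports which permissions each skill actually uses.
Commands
Full Audit
Deep audit of all installed skills with line-level findings.
```bash
python3 {baseDir}/scripts/arbiter.py audit --workspace /path/to/workspace
```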
Audit Single Skill
```bash
python3 {baseDir}/scripts/arbiter.py audit openclaw-warden --workspace /path/to/workspace
```
Permission Matrix
Compact table showing permission categories per skill.
```bash
python3 {baseDir}/scripts/arbiter.py report --workspace /path/to/workspace
```
Quick Status
One-line summary of permission risk.
```bash
python3 {baseDir}/scripts/arbiter.py status --workspace /path/to/workspace
```
What It Detects
| Category | Risk | Examples |
|---|---|---|
| Serialization | CRITICAL | pickle, eval(), exec(), import |
| Subprocess | HIGH | subprocess, os.system, Popen, command substitution |
| Network | HIGH | urllib, requests, curl, wget, hardcoded URLs |
| File Write | MEDIUM | open('w'), shutil.copy, os.remove, rm |
| Environment | MEDIUM | os.environ, os.getenv, os.putenv |
| Crypto | LOW | hashlib, hmac, ssl |
| File Read | LOW | open('r'), os.walk, glob |
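Exit Codes
- `0` — Clean, all skills within normal bounds
- `1` — Elevated permissions detected (review needed)
- `2` — Critical permissions detected (action needed)
No External Dependencies
Python standard library only. No pip install. No network calls. Everything runs locally.
Cross-Platform
Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.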