The project aims to enhance security auditing for OpenClaw agent skills by implementing a three-layer audit protocol. Layer 1 (L1) focuses on pattern-based detection, aiming to identify behaviors indicative of malicious activity such as C2 beaconing and webhook exfiltration. This layer is designed with context-awareness to distinguish between normal and suspicious activities. Layer 2 (L2) incorporates static and dynamic code analysis techniques including YARA matching, dataflow tracing, and base64 payload identification to further scrutinize the skill code. The third layer (L3) performs supply chain scanning against known vulnerabilities from OSV.dev for npm dependencies. An additional feature called 'Watchtower' continuously monitors the SHA-256 hashes of audited skills to detect any post-installation modifications, ensuring that only expected changes are made. This comprehensive approach maps findings to the OWASP Agentic Security Initiative framework, providing a structured and standardized security assessment.
- OpenClaw agent skills
- Install the OpenClaw agent with the latest version: `npm install @openclaw/agent@latest`
- Integrate the 3-Layer Audit Protocol into your development workflow by setting up YARA rules and dataflow tracing scripts.
- Enable continuous monitoring ('Watchtower') to track SHA-256 hashes of skills using the provided script.
The stack impact is primarily on software developers who use OpenClaw agent skills. This involves integrating new security protocols into their development environments and ensuring that all dependencies are audited against known vulnerabilities.