What does OpenClaw Arbiter audit?

It audits installed skills for network, subprocess execution, file writes, environment variable access, and unsafe operations, and provides a per-skill permission matrix.

What do the exit codes mean?

0 — Clean; 1 — Elevated permissions detected; 2 — Critical permissions detected.

Does Arbiter require external dependencies?

No. It uses the Python standard library only, with no pip installs, and runs locally across platforms.

Openclaw Arbiter

Verified

@AtlasPA

npx machina-cli add skill @AtlasPA/openclaw-arbiter --openclaw

Files (1)

SKILL.md

2.1 KB

OpenClaw Arbiter

Audits installed skills to report exactly what system resources each one accesses — network, subprocess, file I/O, environment variables, and unsafe operations.

The Problem

You install skills and trust them blindly. A skill that claims to format markdown could also open network connections, execute shell commands, or read your environment variables. Nothing reports what permissions each skill actually uses.

Commands

Full Audit

Deep audit of all installed skills with line-level findings.

python3 {baseDir}/scripts/arbiter.py audit --workspace /path/to/workspace

Audit Single Skill

python3 {baseDir}/scripts/arbiter.py audit openclaw-warden --workspace /path/to/workspace

Permission Matrix

Compact table showing permission categories per skill.

python3 {baseDir}/scripts/arbiter.py report --workspace /path/to/workspace

Quick Status

One-line summary of permission risk.

python3 {baseDir}/scripts/arbiter.py status --workspace /path/to/workspace

What It Detects

Category	Risk	Examples
Serialization	CRITICAL	pickle, eval(), exec(), import
Subprocess	HIGH	subprocess, os.system, Popen, command substitution
Network	HIGH	urllib, requests, curl, wget, hardcoded URLs
File Write	MEDIUM	open('w'), shutil.copy, os.remove, rm
Environment	MEDIUM	os.environ, os.getenv, os.putenv
Crypto	LOW	hashlib, hmac, ssl
File Read	LOW	open('r'), os.walk, glob

Exit Codes

0 — Clean, all skills within normal bounds
1 — Elevated permissions detected (review needed)
2 — Critical permissions detected (action needed)

No External Dependencies

Python standard library only. No pip install. No network calls. Everything runs locally.

Cross-Platform

Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.

Source

git clone https://clawhub.ai/AtlasPA/openclaw-arbiterView on GitHub

Overview

OpenClaw Arbiter audits installed skills to report exactly what system resources each one accesses—network, subprocess, file I/O, environment variables, and unsafe operations. This visibility helps security teams verify permissions, enforce policies, and decide when revocation or quarantine is warranted.

How This Skill Works

It performs a structured audit of installed skills, flagging access to network, subprocess execution, file writes, environment variables, and unsafe operations. You can run a full workspace audit, an audit for a single skill, or generate a permission matrix and quick status, all via Python scripts in the local environment. It relies solely on the Python standard library, with no external dependencies.

When to Use It

After adding new skills to a workspace to verify permissions
During security reviews to detect elevated or dangerous access
Before enabling skills that might execute external commands or network calls
When onboarding third-party skills to understand their resource usage
For ongoing risk monitoring with periodic audits and policy enforcement

Quick Start

Step 1: Determine your workspace path for the audit
Step 2: Run a full workspace audit: python3 {baseDir}/scripts/arbiter.py audit --workspace /path/to/workspace
Step 3: Review results with the matrix or quick status: python3 {baseDir}/scripts/arbiter.py report --workspace /path/to/workspace; python3 {baseDir}/scripts/arbiter.py status --workspace /path/to/workspace

Best Practices

Run a full audit after adding or updating skills in a workspace
Regularly compare the permission matrix against established baselines
Prioritize remediation for high/critical risks (Serialization, Subprocess, Network)
Integrate Arbiter findings into security policies and response playbooks
Re-audit whenever skills are updated or removed to detect changes

Example Use Cases

A data science project adds a skill that makes outbound HTTP requests; Arbiter flags Network access and prompts a security review.
A skill spawns subprocesses; Arbiter flags Subprocess access, triggering remediation or sandboxing.
A CI/CD plugin writes config files during execution; Arbiter flags File Write and alerts operators.
A third-party skill uses pickle-based deserialization; Serialization risk is detected for policy action.
Weekly audit run identifies elevated permissions across multiple skills, informing governance decisions.

Frequently Asked Questions

Add this skill to your agents