openclaw-arbiter

# OpenClaw Arbiter

Audits installed skills to report exactly what system resources each one accesses — network, subprocess, file I/O, environment variables, and unsafe operations.

## The Problem

You install skills and trust them blindly. A skill that claims to format markdown could also open network connections, execute shell commands, or read your environment variables. Nothing reports what permissions each skill actually uses.


## Commands

### Full Audit

Deep audit of all installed skills with line-level findings.

```bash
python3 {baseDir}/scripts/arbiter.py audit --workspace /path/to/workspace
```

### Audit Single Skill

```bash
python3 {baseDir}/scripts/arbiter.py audit openclaw-warden --workspace /path/to/workspace
```

### Permission Matrix

Compact table showing permission categories per skill.

```bash
python3 {baseDir}/scripts/arbiter.py report --workspace /path/to/workspace
```

### Quick Status

One-line summary of permission risk.

```bash
python3 {baseDir}/scripts/arbiter.py status --workspace /path/to/workspace
```

## What It Detects

| Category | Risk | Examples |
|----------|------|----------|
| **Serialization** | CRITICAL | pickle, eval(), exec(), __import__ |
| **Subprocess** | HIGH | subprocess, os.system, Popen, command substitution |
| **Network** | HIGH | urllib, requests, curl, wget, hardcoded URLs |
| **File Write** | MEDIUM | open('w'), shutil.copy, os.remove, rm |
| **Environment** | MEDIUM | os.environ, os.getenv, os.putenv |
| **Crypto** | LOW | hashlib, hmac, ssl |
| **File Read** | LOW | open('r'), os.walk, glob |

## Exit Codes

- `0` — Clean, all skills within normal bounds
- `1` — Elevated permissions detected (review needed)
- `2` — Critical permissions detected (action needed)

## No External Dependencies

Python standard library only. No pip install. No network calls. Everything runs locally.

## Cross-Platform

Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.

# OpenClaw Arbiter

Permission auditor for [OpenClaw](https://github.com/openclaw/openclaw), [Claude Code](https://docs.anthropic.com/en/docs/claude-code), and any Agent Skills-compatible tool.

Reports exactly what system resources each installed skill accesses: network, subprocess, file I/O, environment variables, and unsafe operations like eval/pickle.


## Install

```bash
git clone https://github.com/AtlasPA/openclaw-arbiter.git
cp -r openclaw-arbiter ~/.openclaw/workspace/skills/
```

## Usage

```bash
# Full audit of all skills
python3 scripts/arbiter.py audit

# Audit a specific skill
python3 scripts/arbiter.py audit openclaw-warden

# Permission matrix (compact table)
python3 scripts/arbiter.py report

# Quick status
python3 scripts/arbiter.py status
```

## What It Detects

| Category | Risk | Examples |
|----------|------|----------|
| Serialization | CRITICAL | pickle, eval(), exec(), __import__ |
| Subprocess | HIGH | subprocess, os.system, Popen |
| Network | HIGH | urllib, requests, curl, wget, URLs |
| File Write | MEDIUM | open('w'), shutil, os.remove |
| Environment | MEDIUM | os.environ, os.getenv |
| Crypto | LOW | hashlib, hmac, ssl |
| File Read | LOW | open('r'), os.walk, glob |


|---------|------|-----|
| Permission detection | Yes | Yes |
| Permission matrix | Yes | Yes |
| Line-level findings | Yes | Yes |
| **Revoke excess permissions** | - | Yes |
| **Quarantine over-privileged skills** | - | Yes |
| **Enforce permission policies** | - | Yes |
| **Pre-install permission gate** | - | Yes |

## Requirements

- Python 3.8+
- No external dependencies (stdlib only)
- Cross-platform: Windows, macOS, Linux

## License

MIT