openclaw-arbiter

✓Verified·Scanned 2/17/2026

This skill audits installed agent skills for network, subprocess, file I/O, serialization, and environment usage. Documentation includes commands that run python3 scripts/arbiter.py, an installation git clone https://github.com/AtlasPA/openclaw-arbiter.git, and the code reads OPENCLAW_WORKSPACE.

from clawhub.ai·vec9d3d4·19.5 KB·0 installs

Scanned from 1.0.1 at ec9d3d4 · Transparency log ↗

$ vett add clawhub.ai/atlaspa/openclaw-arbiter

OpenClaw Arbiter

Permission auditor for OpenClaw, Claude Code, and any Agent Skills-compatible tool.

Reports exactly what system resources each installed skill accesses: network, subprocess, file I/O, environment variables, and unsafe operations like eval/pickle.

Want automated enforcement? Upgrade to Pro — revocation, quarantine, and policy enforcement. Get Pro access.

Install

git clone https://github.com/AtlasPA/openclaw-arbiter.git
cp -r openclaw-arbiter ~/.openclaw/workspace/skills/

Usage

# Full audit of all skills
python3 scripts/arbiter.py audit

# Audit a specific skill
python3 scripts/arbiter.py audit openclaw-warden

# Permission matrix (compact table)
python3 scripts/arbiter.py report

# Quick status
python3 scripts/arbiter.py status

What It Detects

Category	Risk	Examples
Serialization	CRITICAL	pickle, eval(), exec(), import
Subprocess	HIGH	subprocess, os.system, Popen
Network	HIGH	urllib, requests, curl, wget, URLs
File Write	MEDIUM	open('w'), shutil, os.remove
Environment	MEDIUM	os.environ, os.getenv
Crypto	LOW	hashlib, hmac, ssl
File Read	LOW	open('r'), os.walk, glob

Free vs Pro

Feature	Free	Pro
Permission detection	Yes	Yes
Permission matrix	Yes	Yes
Line-level findings	Yes	Yes
Revoke excess permissions	-	Yes
Quarantine over-privileged skills	-	Yes
Enforce permission policies	-	Yes
Pre-install permission gate	-	Yes

Requirements

Python 3.8+
No external dependencies (stdlib only)
Cross-platform: Windows, macOS, Linux

License

MIT