First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
4
Score
100/100
Findings (4)
Detects execution of shell script files via bash/sh command or direct invocation
bash ~/.openclaw/workspace/scripts/emergency-repair/fix-billy-auth.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.
Detects execution of shell script files via bash/sh command or direct invocation
bash ~/.openclaw/workspace/scripts/emergency-repair/setup-billy-repair-keys.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.
Detects SSH or SCP commands referencing private key files
ssh -i ~/.ssh/billy-repair-keyRemove the SSH private key path from command-line arguments. Use SSH agent forwarding or an SSH config file (~/.ssh/config) with restricted key file permissions (chmod 600).
Likely FP if the command references a well-known default key path (e.g., ~/.ssh/id_rsa) in documentation about SSH configuration, without exposing key contents.
Detects execution of shell script files via bash/sh command or direct invocation
bash ~/.openclaw/workspace/scripts/emergency-repair/fix-billy-auth.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.