Oathe Security Badge

Is jontsai/command-center safe?

https://github.com/openclaw/skills/tree/main/skills/jontsai/command-center

Score: 76 · CAUTION

OpenClaw Command Center appears to be a legitimate dashboard application for monitoring AI agents, but it exhibits concerning behavior by accessing sensitive credential files including SSH keys and cloud service credentials. While no data exfiltration was detected, this broad file access represents a significant security risk that should be addressed.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 30/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 90/100 · 10%
Behavioral Reasoning 60/100 · 5%

Findings (3)

HIGH Access to Sensitive Credential Files -70

The skill accessed multiple sensitive credential and configuration files including SSH private keys (.ssh/id_rsa), AWS credentials, Docker configuration, npm registry credentials, Google Cloud credentials, and environment files. While no exfiltration was detected, a dashboard application should not need access to such sensitive authentication materials.

MEDIUM Executable Server Code -15

The skill contains executable Node.js server code and shell scripts, which is expected for a dashboard application but presents inherent code execution risks.

LOW Overly Broad File System Access -40

While the application appears to be a legitimate OpenClaw dashboard, the pattern of accessing sensitive credential files suggests overly broad file system scanning that could be refined to improve security posture.