Oathe Security Badge

Is silentcool/crusty-security safe?

https://github.com/silentcool/crusty-security

Score: 86 (SAFE)

Crusty Security appears to be a legitimate security monitoring tool for OpenClaw agents, with functionality that matches its stated purpose. The main concerns are the optional transmission of scan data to an external dashboard service and the broad system privileges that its scanning requires.

Category Scores (weight in parentheses; the weighted average, 86.25, is the overall score above)

Prompt Injection        95/100  (30%)
Data Exfiltration       70/100  (25%)
Code Execution          85/100  (20%)
Clone Behavior          95/100  (10%)
Canary Integrity       100/100  (10%)
Behavioral Reasoning    75/100   (5%)

Findings (4)

MEDIUM External Dashboard Integration -30

The skill sends a heartbeat every 5 minutes and can push scan results to crustysecurity.com once CRUSTY_API_KEY is configured. The integration is optional and documented, but it amounts to regular, automatic transmission to an external server; check which details of the monitored host a pushed scan result contains before setting the key.

LOW Multiple Executable Scripts -15

The skill ships numerous executable shell scripts and Python programs that perform the scanning. That is legitimate for a security tool, but they run with significant system access and deserve a review before installation.

LOW Broad System Privileges -15

The tool needs extensive access to the filesystem, processes, configuration files and the network to perform its scans. That is expected for a security tool, but it is a large privilege footprint, and any future update to the skill inherits it.

LOW Automatic Cron Job Installation -10

The skill installs several cron jobs for scheduled scanning during installation without asking for explicit confirmation. Check the resulting crontab after installing so that the schedules, and the commands they run, are known.
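The four findings above are all things a practitioner can verify on a checkout before installing the skill. The following audit script is an added example, not code from this page or from the crusty-security project: it walks a skill directory and reports executable files, every hostname referenced in a URL, which files actually read the opt-in CRUSTY_API_KEY variable (as opposed to merely mentioning it), and cron schedules in any file that invokes crontab. The directory layout and file contents it builds are constructed for the demonstration; the real repository's layout is not assumed.

```python
"""Audit a skill checkout for external endpoints, API-key gating, executables and cron schedules."""
import os
import re
import stat
import tempfile
from pathlib import Path

# Hostname of any http(s) URL: tells us where the skill may talk to.
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")
# A five-field cron schedule followed by a command, e.g. "*/5 * * * * /path/to/script".
CRON_RE = re.compile(r"((?:[\d*/,\-]+\s+){5}[^\s\"')]+)")
TEXT_SUFFIXES = {".sh", ".py", ".md", ".txt", ".cfg", ".toml", ".yaml", ".yml", ""}

# Constructed sample tree (hypothetical paths; not the project's real layout).
SAMPLE_FILES = {
    "README.md": (
        "# crusty-security (constructed sample)\n"
        "Security monitoring for OpenClaw agents. Set CRUSTY_API_KEY to push results\n"
        "to the dashboard. Source: https://github.com/silentcool/crusty-security\n"
    ),
    "scripts/heartbeat.sh": (
        "#!/bin/sh\n"
        "# Constructed: sends a heartbeat only when the opt-in key is present.\n"
        '[ -n "$CRUSTY_API_KEY" ] || exit 0\n'
        'curl -s -H "Authorization: Bearer $CRUSTY_API_KEY" https://crustysecurity.com/api/heartbeat\n'
    ),
    "scripts/install.sh": (
        "#!/bin/sh\n"
        "# Constructed: appends a schedule to the current user's crontab without prompting.\n"
        '(crontab -l 2>/dev/null; echo "*/5 * * * * /opt/skill/scripts/heartbeat.sh") | crontab -\n'
    ),
    "scanner.py": (
        "import os\n"
        "# Constructed: pushes results only when the key is configured.\n"
        'API_KEY = os.environ.get("CRUSTY_API_KEY")\n'
        'RESULTS_URL = "https://crustysecurity.com/api/results"\n'
        "def push(results):\n"
        "    return (RESULTS_URL, results) if API_KEY else None\n"
    ),
}
EXECUTABLE = {"scripts/heartbeat.sh", "scripts/install.sh"}


def build_sample_skill():
    """Write the constructed tree to a temp dir, setting the execute bit on the shell scripts."""
    root = Path(tempfile.mkdtemp(prefix="skill-audit-"))
    for rel, content in SAMPLE_FILES.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(content)
        os.chmod(path, 0o755 if rel in EXECUTABLE else 0o644)
    return root


def _text_files(root):
    root = Path(root)
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix in TEXT_SUFFIXES:
            yield path.relative_to(root), path.read_text(errors="replace")


def executable_scripts(root):
    """Relative paths of files with any execute bit set (the 'multiple executable scripts' finding)."""
    root = Path(root)
    exec_bits = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
    return [str(p.relative_to(root)) for p in sorted(root.rglob("*"))
            if p.is_file() and p.stat().st_mode & exec_bits]


def external_hosts(root):
    """Map each hostname found in a URL to the files that reference it."""
    hosts = {}
    for rel, text in _text_files(root):
        for host in set(URL_RE.findall(text)):
            hosts.setdefault(host, []).append(str(rel))
    return {h: sorted(files) for h, files in sorted(hosts.items())}


def env_gated_files(root, name):
    """Files that actually read the variable ($NAME, os.environ...NAME, getenv("NAME")), not bare mentions."""
    escaped = re.escape(name)
    pattern = re.compile(r"\$\{?" + escaped + r"\b|os\.environ\b.*" + escaped + r"|getenv\([\"']" + escaped)
    return sorted(str(rel) for rel, text in _text_files(root) if pattern.search(text))


def cron_schedules(root):
    """(file, schedule) pairs from files that call crontab (the 'automatic cron installation' finding)."""
    return [(str(rel), m.group(1)) for rel, text in _text_files(root)
            if "crontab" in text for m in CRON_RE.finditer(text)]


def audit(root):
    return {
        "executable_scripts": executable_scripts(root),
        "external_hosts": external_hosts(root),
        "api_key_gated": env_gated_files(root, "CRUSTY_API_KEY"),
        "cron_schedules": cron_schedules(root),
    }


if __name__ == "__main__":
    for key, value in audit(build_sample_skill()).items():
        print(f"{key}: {value}")
```

Point `audit()` at a real checkout instead of the sample tree to get the same four lists for the actual repository. The host list deliberately includes every URL, so a documentation link to github.com shows up beside the dashboard endpoint; deciding which hosts receive data is still a manual step, and the env-gating list is the hint for it, since a file that both reads the key and references a host is the likely sender.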