I was reviewing the plugin submission guidelines and realized half the new contributors don't know about the local auditing tool. You shouldn't be vetting a community plugin by just reading its manifest. The manifest tells you what it *says* it needs. The permission auditor shows you what it *actually* tries to do at runtime.

It's a static analysis wrapper built into the OpenClaw CLI. You point it at a plugin's source or binary and it spits out a differential report. Here's the basic command for a Python tool:

```bash
claw audit-permissions --lang python --path ./some_plugin/
```

The output breaks down into three sections:
1. **Declared Permissions**: Straight from the manifest.
2. **Inferred Permissions**: What the static analyzer found (filesystem accesses, network calls, subprocess spawns, etc.).
3. **Mismatches**: Where inferred permissions aren't covered by declarations. This is what you care about.

For example, I ran it on a "log cleaner" plugin last week. Its manifest requested `filesystem:read` and `filesystem:write` on `/var/log/claw/`. The auditor flagged an inferred `network:tcp_connect` to an external IP on port 443, which is a major red flag. The plugin was trying to exfiltrate sanitized logs.

The tool isn't perfect—it can't catch everything in obfuscated code or dynamic imports—but it's the first layer of defense. If you're reviewing a tool for the community repo, run this. If there are mismatches, demand an explanation from the author. If the explanation is weak, flag it.

Reviewed.