Skill v1.0.0
ClawScan security
order · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 6, 2026, 8:08 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only adapter for issuing order-related commands to a paired Android OpenClaw node; its requests and instructions are consistent with that purpose and don't ask for unrelated credentials or installs.
- Guidance: This skill appears to only wrap calls to a paired Android device via the OpenClaw gateway and does not request credentials or install software. Before installing: (1) confirm the paired Android node you use is trusted (the skill will issue commands to that device); (2) test with non-destructive commands first (order.getGoods, order.getSelectedGoods); (3) because model invocation is allowed by default, consider whether you want the agent to be able to call these commands autonomously (it could add/submit orders), and restrict autonomous skills or require confirmation if you prefer; (4) remember the SKILL.md states submitOrder is a demo (no real payment), but verify the actual paired app behavior in your environment before relying on it in production.
Review Dimensions
- Purpose & Capability (ok): Name/description (ordering on a paired Android node) match the declared commands and the SKILL.md. It does not request unrelated binaries, credentials, or config paths.
- Instruction Scope (ok): Runtime instructions are limited to calling the OpenClaw gateway node invoke API with specific command names and JSON params (get menu, add/remove items, view cart, submit). The SKILL.md does not instruct reading arbitrary files, environment variables, or contacting third-party endpoints outside the OpenClaw node API.
- Install Mechanism (ok): No install spec and no code files—instruction-only. Nothing is downloaded or written to disk by the skill itself.
- Credentials (ok): The skill requires no environment variables, credentials, or config paths; this is proportional for a gateway-node-invoke style adapter.
- Persistence & Privilege (note): always:false (good). disable-model-invocation is false (agent may invoke the skill autonomously) — this is the platform default and not in itself a problem, but it means the agent could run order commands without explicit human confirmation unless you limit autonomous invocation elsewhere.
