Skillv1.0.0

ClawScan security

Skill Audit by Raini · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 11, 2026, 9:31 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This skill is a local security scanner whose code and instructions are coherent with its stated purpose; there are minor documentation mismatches and the scanner uses heuristic regexes that can produce false positives, but nothing indicates malicious intent.
Guidance: This appears to be a legitimate local security scanner. Before installing: 1) Note SKILL.md mentions a 'check' command that the bundled CLI does not implement — treat that as a documentation mismatch. 2) The scanner uses simple regex heuristics and will produce false positives (and could miss sophisticated obfuscation); review flagged files manually. 3) When running 'scan --all' the tool will read all files in your skills directory — run it in a safe environment or with explicit paths if you're concerned about sensitive locations. 4) Because the skill can be invoked autonomously by the agent, consider whether you want it enabled for automatic runs; this is not a red flag by itself but be mindful of what paths the agent may instruct the skill to scan. 5) If you rely on its results for critical decisions, open the bundled src/audit.js and verify the detection rules and allowlist domains yourself (the code is short and readable).

Review Dimensions

Purpose & Capability: okName, package.json description, SKILL.md and the included src/audit.js implement a security scanner for OpenClaw skills. The code scans files and looks for credential references, network calls, and dynamic execution patterns — all are appropriate for a skill-audit tool. It does not request unrelated credentials or binaries.
Instruction Scope: noteSKILL.md and the CLI instruct running the scanner against skill directories (e.g., ~/.openclaw/workspace/skills or a provided path), which is appropriate. However SKILL.md documents a '/skill-audit check <clawhub-slug>' command that is not implemented in src/audit.js (the CLI only supports 'scan'). Also the scanner will read any files in the target path (which is expected) and could report many heuristic hits; that behavior is normal for a file-scanner but worth knowing.
Install Mechanism: okNo install spec or remote downloads are included — this is an instruction-only/package-contained skill with the scanner source bundled. Nothing is fetched from external URLs at install time.
Credentials: okNo environment variables, credentials, or config paths are required. The code reads filesystem paths supplied by the user and uses process.env.HOME to locate the default workspace; that is proportionate to a scanner. It does not ask for unrelated secrets.
Persistence & Privilege: okalways is false and the skill does not request elevated persistence or modify other skills. disable-model-invocation is false (agent can call it autonomously) — appropriate for a utility skill. There is no evidence it alters agent/system-wide settings.