Skillv1.1.0

ClawScan security

OpenClaw Safe Change Flow · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 10, 2026, 4:13 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's files and instructions are consistent with a safe change/rollback workflow for OpenClaw; it contains a helper script that makes backups, runs user-supplied edit scripts, validates, and rolls back on failure — nothing in the package appears disproportionate or unrelated to that purpose.
Guidance: This skill is coherent and appears to do what it says, but take these precautions before installing/using it: (1) Verify you have the OpenClaw CLI on PATH (openclaw status/gateway commands) because the script assumes it. (2) Inspect any edit scripts (edit-main.sh / edit-secondary.sh / underlying python scripts) before running — safe-change.sh will execute them with bash, so they can run arbitrary commands. (3) If you enable secondary checks, provide SECONDARY_TOKEN only when needed and keep it secret. (4) Be aware the script will restart the OpenClaw gateway and may call launchctl on macOS; run this in a maintenance window if production impact is possible. (5) Confirm backups are created in the expected path and test the rollback path in a safe environment before using in production.

Review Dimensions

Purpose & Capability: noteThe skill is aligned with its stated purpose (safe config changes and rollback). Minor inconsistency: the registry metadata lists no required binaries, but both SKILL.md and safe-change.sh assume an 'openclaw' CLI and standard UNIX tools (bash, cp, date, id, launchctl on macOS). This is expected for this task but the dependency on the OpenClaw CLI is implicit and should be confirmed before use.
Instruction Scope: noteSKILL.md and safe-change.sh stay within the stated scope: backup, run a provided edit script, validate (openclaw status/health), and rollback. The script intentionally executes user-provided scripts (bash "$MAIN_SCRIPT"), so those scripts can perform arbitrary actions — this is by design but means you must review the edit scripts before running. The script also restarts the gateway and optionally uses launchctl to kickstart a service (macOS-specific behavior).
Install Mechanism: okInstruction-only skill with no install spec and a small included shell script. Nothing is downloaded or written to disk by an installer; the only file is safe-change.sh and it's executed locally — low install risk.
Credentials: okNo required credentials are declared. The script accepts optional environment overrides (SECONDARY_TOKEN, SECONDARY_URL, SECONDARY_HOME, MAIN_CFG) which are appropriate for the optional dual-instance flow. Requiring SECONDARY_TOKEN when using a secondary instance is reasonable and limited in scope.
Persistence & Privilege: okThe skill does not request persistent platform privileges (always:false). It does perform service restarts and writes/restores config backups under the user's home directory, which is appropriate for a config-change helper and limited to OpenClaw-related files.