Skill v1.0.0

ClawScan security

System Inspection · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 28, 2026, 7:28 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The SOP is coherent with a monitoring/healthcheck purpose, but its runtime instructions require persistent writes to shared memory paths and interact with channel APIs (Feishu) without declaring those config paths or credentials—this omission and the mandatory cross-agent memory writes are disproportionate and worth review before installing.
Guidance
This SOP appears to do what it says (healthchecks via the openclaw CLI), but it also writes persistent notes to two file locations (one under ~/agents/dalong/... and one under memory/...) and will probe/send messages on channels such as Feishu. Before installing: 1) Confirm the exact filesystem locations and that you consent to the skill writing there; ensure file permissions and retention policies are acceptable. 2) Verify that channel credentials (Feishu tokens/scopes) are already provisioned and that the single test message behavior is acceptable; consider changing ‘send message’ to a non-public probe or API-only check. 3) Ask the publisher why required config paths / env vars were omitted from the metadata and request they be declared. 4) Audit what kinds of data the skill will write into memory files (avoid writing sensitive logs/tokens). If you cannot review or restrict the memory targets and channel behavior, treat this skill as higher-risk and avoid enabling it system-wide.

Review Dimensions

Purpose & Capability
ok · Name/description (system inspection, gateway/channel/tasks/logs) match the actions described in SKILL.md: running openclaw status, checking channels, logs, cron, and optional deep status. The steps are appropriate for a monitoring SOP.
Instruction Scope
concern · Instructions tell the agent to run shell CLI commands (openclaw status, openclaw gateway logs, openclaw cron list, etc.) and to probe channels (Feishu). They also require writing two persistent files (~/agents/dalong/workspace/memory.md and memory/YYYY-MM-DD.md). The skill therefore reads logs and system state and writes shared memory; these are larger-scope operations than the skill metadata declares. The 'send a low-disturbance test message' step will cause network actions on channels and could generate outbound messages.
Install Mechanism
ok · Instruction-only skill with no install spec and no bundled code — minimal install risk. It assumes the openclaw CLI and channel integrations are already present on the host.
Credentials
concern · Registry metadata lists no required env vars or config paths, yet the instructions implicitly rely on existing channel credentials (Feishu) and on filesystem paths under the agent's home and a shared memory/ directory. The skill mandates writing to two specific paths but these were not declared in requires.configPaths. That mismatch (undisclosed required paths/credentials) reduces transparency and is disproportionate.
Persistence & Privilege
concern · The SKILL.md requires writing persistent records in two locations each run, including a '主控记忆库' (main-controller memory store) shared memory path. Persistent cross-agent writes increase blast radius for data leakage and make the skill a persistent presence in agent data. The skill does not set always:true, but the mandatory memory writes and shared target are notable privileges that should be explicitly declared and reviewed.