Skill v1.0.1
ClawScan security
API配额监控与手动切换 (API Quota Monitoring and Manual Switching) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 23, 2026, 3:46 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and instructions match its stated purpose (monitor OpenClaw session errors and switch models after user confirmation); it requires modifying OpenClaw config and restarting the gateway (which is expected), and contains no obvious unrelated network exfiltration or hidden endpoints.
- Guidance: This skill appears to do what it says: check recent session errors and (after user confirmation) update ~/.openclaw/openclaw.json and restart the OpenClaw gateway. Before installing or running it, consider:
  1. Review and back up your OpenClaw config (openclaw.json) so you can restore it if something changes unexpectedly.
  2. The script requires permission to write the config and to stop/start the gateway (it runs pkill and launches 'openclaw gateway start'); only run it as a user who should have that privilege.
  3. Session files may contain sensitive session data; ensure you are comfortable with the script reading those paths.
  4. Test in a non-production environment first (use --check and --ask) and inspect the code (it's included) if you have concerns.
  5. If you don't want automated restarts, avoid running --confirm automatically (cron should only run --check).
Review Dimensions
- Purpose & Capability (ok): The skill claims to monitor OpenClaw API usage and switch models; the code reads OpenClaw config (openclaw.json) and recent session logs (sessions.json), updates the model in the config, and restarts the gateway. These requirements (file access and ability to restart the gateway) are coherent and necessary for the stated functionality.
- Instruction Scope (note): SKILL.md and the script limit actions to checking session data, reporting suggestions, writing the model field in openclaw.json, writing logs, and restarting the OpenClaw gateway. This stays within the described scope. Note: the script will read session files (which may contain session data) and writes to logs and config; those are privacy-relevant but expected for this purpose.
- Install Mechanism (ok): No install spec; the skill is instruction-only with an included Python script. Nothing is downloaded or installed automatically by the skill itself, so there is low install-time risk.
- Credentials (note): The skill does not request external credentials or unrelated env vars. It optionally honors OPENCLAW_DIR and LOG_DIR environment variables. However, it requires filesystem write permission to the OpenClaw config and the ability to kill/start the OpenClaw gateway process, which are elevated actions and should only be granted if you trust the script and understand the operational impact.
- Persistence & Privilege (ok): always:false (not force-included). The skill modifies its product's own config file (openclaw.json) and restarts the gateway; this is consistent with its function. It does not attempt to modify other skills or system-wide agent settings beyond controlling OpenClaw. Autonomous invocation is permitted by default but not unusual; combine that with the config-modifying behavior only if you want agents to be able to act without manual confirmation.
