Back to skill
Skillv1.0.0
ClawScan security
Agent Usage Report · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousApr 15, 2026, 11:02 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill mostly does what it says (reads local OpenClaw session logs and memory to build a report), but the bundled script contains a hard-coded agent ID and small mismatches with the SKILL.md that make its behavior inconsistent and potentially surprising; no network exfiltration is present, but you should review before use.
- Guidance
- This skill mostly matches its description (it reads OpenClaw session logs and workspace memory to build a report) and does not perform network I/O, but there are a few issues to consider before installing: 1) The script hard-codes AGENT_ID = "xiaotianmao" so it may read a different agent's sessions or none at all — verify and (preferably) modify the script to accept an agent-id parameter or derive it at runtime. 2) The script reads potentially sensitive session and memory files from ~/.openclaw; review those files so you understand what data would be included in reports. 3) Because the tool prints memory snippets, be careful if you plan to share generated reports externally. If you trust the source, consider patching the script to accept --agent or to use the provided --workspace path for session lookup, and run it in a safe environment first. If you do not trust the skill source, do not run it with access to real session/memory directories.
Review Dimensions
- Purpose & Capability
- concernThe name/description (generate agent usage weekly report) matches the script's functionality (reads session logs and memory and summarizes them). However the script hard-codes AGENT_ID = "xiaotianmao" rather than using a runtime agentId or a CLI flag; this diverges from the SKILL.md which implies it will read the current agent's sessions. That mismatch can cause the tool to read the wrong agent's sessions or none at all, and is an incoherence between claimed purpose and actual code.
- Instruction Scope
- concernSKILL.md instructs running scripts/generate_report.py which reads files under ~/.openclaw/... (sessions/*.jsonl and workspace memory .md). That is within the described scope, but the script only accepts a --workspace option and does not allow overriding the AGENT_ID used to locate sessions. The script reads local logs and memory (sensitive data) and prints/outputs them; while expected for a reporting tool, this is sensitive I/O and should be noted. There are no steps that read unrelated system files, no external network calls, and no vague instructions granting broad discretionary data collection.
- Install Mechanism
- okThis is an instruction-only skill with an included Python script and no install spec; nothing is downloaded or executed beyond the provided script. That is low-risk from an install mechanism perspective.
- Credentials
- noteThe skill requests no environment variables or credentials and only reads predictable local OpenClaw paths. This is proportionate for a reporting tool, but the script does access potentially sensitive session and memory files under the user's home directory—appropriate for the stated purpose but worth reviewing before granting access.
- Persistence & Privilege
- okThe skill is not forced-always and has no install actions that change agent configuration or grant persistent elevated privileges. Autonomous invocation is allowed by default but not by itself a red flag here.