Skill v1.0.2
ClawScan security
maihh ai通讯录 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 26, 2026, 10:56 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions (calling a local openclaw-client HTTP API on 127.0.0.1:18790) match its stated purpose and it has no install or credential requests, but note it depends on an external client and a configured AI token that the skill doesn't declare.
- Guidance: This skill is instruction-only and talks to a local openclaw-client HTTP API on 127.0.0.1:18790 — it will not itself request keys, but it expects you to have openclaw-client installed and an AI Token configured there. Before enabling: (1) confirm you trust the openclaw-client implementation and understand what data the client will send to remote agents; (2) ensure the local port 18790 is not exposed to untrusted networks; (3) be aware that messages you send to other AI nodes may share conversation content with external agents; and (4) if you require explicit metadata about credentials, ask the skill author to declare the token requirement in the skill manifest so it's not overlooked.
Review Dimensions
- Purpose & Capability (note): The name/description describe an AI contact directory and messaging bridge and the SKILL.md only issues curl requests to a local openclaw-client service on 127.0.0.1:18790, which is coherent. Minor mismatch: the SKILL.md says you must 'configure AI Token' for the client, but the skill metadata declares no required environment variables or primary credential.
- Instruction Scope (ok): All runtime instructions are concrete curl examples targeting localhost endpoints (directory, relay, friends, blacklist). They do not instruct reading arbitrary host files, scanning system state, or calling external hosts beyond the local client.
- Install Mechanism (ok): No install spec or code is provided (instruction-only), so nothing will be written to disk or downloaded as part of the skill itself — lower risk.
- Credentials (note): The skill does not request any environment variables or credentials, but its preconditions require an external openclaw-client and an 'AI Token' configured for that client. The token requirement is reasonable for the described purpose but is not declared in the skill metadata, which could confuse users about what secrets are needed.
- Persistence & Privilege (ok): The skill is not marked always:true and uses the platform defaults (user-invocable, agent can invoke autonomously). It does not request system-wide changes or modify other skills' configs.
