Skill v1.0.3

ClawScan security

btpanel · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 3, 2026, 4:20 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and runtime instructions are consistent with a BT-Panel monitoring/administration tool; nothing obvious is trying to do unrelated or hidden actions — but pay attention to local storage of API tokens, missing declared Python dependencies in the registry metadata, and the fact you must trust the skill to hold panel credentials.
Guidance
This skill appears to be what it claims: a BT-Panel monitoring/admin toolkit. Before installing or using it, consider the following:
- Trust and credentials: The scripts require an API token for each panel and store it in a local config file (e.g. ~/.openclaw/bt-skills.yaml, or a path you set via BT_CONFIG_PATH). Treat those tokens like passwords: only provide them if you trust the skill and its source. Inspect bt_common/config.py to confirm how tokens are stored (plaintext vs encrypted).
- Source verification: The package lists no homepage and the registry owner is unfamiliar. If you do not trust the author, review the included code (bt_common and scripts) yourself or run it in an isolated environment. The code is readable Python, so network calls and file writes are easy to audit.
- Dependencies: The package requires Python packages (requests, pyyaml, rich) listed in the README and script headers, but they are not declared in the registry metadata. Install them in a virtualenv (pip install -r requirements.txt) before running.
- Principle of least privilege: If the panel supports scoped or read-only API tokens, create tokens with the minimum permissions needed (monitoring/log read) rather than full admin tokens.
- Sensitive outputs: The tool can read server logs and backups via the panel API. Be mindful of where reports or exported files are saved and who can access them.
If you want higher assurance, ask the publisher for a homepage or source repository, or request a summary of how credentials are stored and what permissions the client uses. If you cannot verify the author, run the scripts in an isolated test environment and audit bt_common/* and scripts/* before supplying real tokens.
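The guidance above says the Python is readable enough to audit network calls and file writes by hand. The following is an added example of doing that mechanically; it is not code from the btpanel skill or from ClawHub. It walks the AST of each source file and lists network calls, file writes, environment reads, shell execution and dynamic code evaluation with line numbers, so the reviewer can compare what the code does against what SKILL.md claims. The embedded sample source is constructed to imitate the behaviour the scan describes (global config under ~/.openclaw, BT_CONFIG_PATH override, panel API calls); the endpoint path and function names in it are invented and are not the real bt_common/config.py.

```python
"""Static audit of a skill's Python sources before supplying real tokens.

Added example, not part of the btpanel skill. Lists network calls, file
writes, environment reads, shell execution and eval/exec per source line.
"""
import ast
from pathlib import Path

# Constructed sample that imitates the behaviour the scan describes. The
# endpoint path and function names are invented; this is NOT bt_common/config.py.
SAMPLE_SOURCE = '''\
import os
import subprocess
import requests
import yaml

GLOBAL_CONFIG_PATH = os.path.expanduser("~/.openclaw/bt-skills.yaml")

def config_path():
    return os.environ.get("BT_CONFIG_PATH", GLOBAL_CONFIG_PATH)

def save(cfg):
    with open(config_path(), "w") as fh:
        yaml.safe_dump(cfg, fh)

def fetch_status(host, token):
    return requests.post(host + "/api/status",
                         data={"request_token": token}, timeout=10)

def restart_nginx():
    subprocess.run(["systemctl", "restart", "nginx"], check=True)
'''

NETWORK_ROOTS = {"requests", "urllib", "http", "socket", "httpx", "aiohttp"}
ENV_READS = {"os.environ.get", "os.getenv"}
DYNAMIC_CODE = {"eval", "exec"}
WRITE_MODE_CHARS = set("wax+")


def _dotted_name(node):
    """Return 'pkg.attr.call' for a Name/Attribute chain, or None when the
    callee is something else (a lambda, a call result, a subscript)."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _open_mode(call):
    """Best-effort extraction of the literal mode passed to open()."""
    mode = "r"
    if len(call.args) > 1 and isinstance(call.args[1], ast.Constant):
        mode = str(call.args[1].value)
    for kw in call.keywords:
        if kw.arg == "mode" and isinstance(kw.value, ast.Constant):
            mode = str(kw.value.value)
    return mode


def audit_source(source, filename="<string>"):
    """Return (lineno, category, callee) tuples for one file, sorted by line."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted_name(node.func)
        if name is None:
            continue
        root = name.split(".", 1)[0]
        if root in NETWORK_ROOTS:
            findings.append((node.lineno, "network", name))
        elif root == "subprocess" or name in ("os.system", "os.popen"):
            findings.append((node.lineno, "shell", name))
        elif name in ENV_READS:
            findings.append((node.lineno, "env-read", name))
        elif name in DYNAMIC_CODE:
            findings.append((node.lineno, "dynamic-code", name))
        elif name == "open":
            kind = "file-write" if set(_open_mode(node)) & WRITE_MODE_CHARS else "file-read"
            findings.append((node.lineno, kind, name))
    return sorted(findings)


def audit_tree(root):
    """Audit every .py file under root, e.g. an unpacked skill directory."""
    return {str(p): audit_source(p.read_text(encoding="utf-8"), str(p))
            for p in sorted(Path(root).rglob("*.py"))}


if __name__ == "__main__":
    for lineno, category, callee in audit_source(SAMPLE_SOURCE):
        print(f"line {lineno:>3}  {category:<12} {callee}")
```

Run `audit_tree("path/to/btpanel")` over the unpacked package and read the output next to SKILL.md: a network call to a host that is not the configured panel, a file write outside the config path, or a shell call that the documented commands do not need is exactly the kind of mismatch the verdict asks you to look for. The matcher is deliberately conservative (literal names only), so aliased imports or calls built with getattr will not be listed; treat a clean report as a starting point, not proof.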

Review Dimensions

Purpose & Capability
ok: Name/description (BT-Panel ops & monitoring) match the provided scripts: monitor, sites, services, logs, crontab, ssh, and a config manager. The required binary (python3) is appropriate for these Python scripts. The scripts interact with the panel API using per-server API tokens (provided via CLI/config), which is expected for this purpose.
Instruction Scope
note: SKILL.md instructs the agent to run the included Python scripts to query panel APIs and produce reports. The scripts legitimately read and write a local YAML config (server host, token, thresholds) and call panel endpoints to read system status and files. SKILL.md also references the BT_CONFIG_PATH env var and instructs the agent to collect system data and logs. These are within the tool's scope, but they involve sensitive data (API tokens, server logs).
Install Mechanism
concern: Registry metadata lists only python3 as a required binary and there is no install spec, but the package includes many Python files and the README lists Python packages (requests, pyyaml, rich). The registry metadata does not declare these Python dependencies, so the missing install step is a mismatch: the user must pip install the dependencies manually. This inconsistency may trip up non-technical users.
Credentials
note: No environment variables are declared as required in registry metadata, and tokens are supplied via CLI/config, which is reasonable. However, the skill reads and writes a local config (GLOBAL_CONFIG_PATH, e.g. ~/.openclaw/bt-skills.yaml) and may respect the BT_CONFIG_PATH env var; API tokens are stored in those config files. Storing API tokens locally is necessary for the functionality but increases sensitivity, and the metadata does not call out this storage location or explicit credential handling.
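Because the tokens end up in a file under the user's home directory, the practical check is whether that file is readable by other local users and whether the secrets in it sit in plaintext. The following is an added example of that check, not code from the btpanel skill: it resolves the config path in the order the review describes (BT_CONFIG_PATH first, then the global path, which is an assumption about the skill's behaviour), inspects the file mode, and flags secret-looking keys with non-empty values. The YAML handling is a simple line-based key: value scan so the example needs no third-party package; the sample config and token are constructed.

```python
"""Hygiene check for the local config that holds panel API tokens.

Added example, not part of the btpanel skill. Assumes the config is simple
key: value YAML of the shape described in the review (servers with host/token).
"""
import os
import re
import stat

# Assumed default, mirroring the GLOBAL_CONFIG_PATH the review mentions.
DEFAULT_CONFIG_PATH = os.path.expanduser("~/.openclaw/bt-skills.yaml")
SECRET_KEY = re.compile(r"(token|api_key|password|secret)", re.IGNORECASE)
KEY_VALUE = re.compile(r"^\s*-?\s*([A-Za-z0-9_\-]+)\s*:\s*(.*?)\s*$")


def resolve_config_path():
    """Override order assumed from the review: BT_CONFIG_PATH, else global path."""
    return os.environ.get("BT_CONFIG_PATH") or DEFAULT_CONFIG_PATH


def audit_config(text, mode):
    """Return a list of issues for config contents `text` and st_mode `mode`."""
    issues = []
    perms = stat.S_IMODE(mode)
    # Any group/other bit means another local account can read the tokens.
    if perms & (stat.S_IRWXG | stat.S_IRWXO):
        issues.append(f"config mode {oct(perms)} is readable or writable by "
                      "group/others; chmod 600 it")
    for lineno, line in enumerate(text.splitlines(), 1):
        m = KEY_VALUE.match(line)
        if not m:
            continue
        key, value = m.groups()
        value = value.strip("\"'")
        if SECRET_KEY.search(key) and value:
            issues.append(f"line {lineno}: '{key}' holds a plaintext secret; "
                          "use a read-only scoped panel token if the panel offers one")
    return issues


def audit_config_file(path=None):
    """Audit the real config file (defaults to the resolved skill config path)."""
    path = path or resolve_config_path()
    st = os.stat(path)
    with open(path, encoding="utf-8") as fh:
        return audit_config(fh.read(), st.st_mode)


# Constructed sample config; the token value is not real.
SAMPLE_CONFIG = """\
servers:
  - name: web-01
    host: https://203.0.113.10:8888
    token: "0123456789abcdef0123456789abcdef"
thresholds:
  cpu: 90
"""

if __name__ == "__main__":
    for issue in audit_config(SAMPLE_CONFIG, 0o100644):
        print("-", issue)
```

Run `audit_config_file()` after the skill has written its config for the first time. The plaintext finding cannot be fixed from outside the skill (that is the trust decision the verdict describes), but the permission finding can: the file should be mode 0600 whether or not the skill sets it that way, and you should check that again after the config manager rewrites the file.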
Persistence & Privilege
ok: always is false and model invocation is allowed (normal). The skill does not claim to modify other skills or system-wide settings. It stores its own config files under the user's home directory (typical) rather than requiring system-level privileges.