Skillv2.1.0

ClawScan security

bot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 16, 2026, 7:40 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is a local-first agent framework whose requested resources and runtime behavior match its description; it runs only local code, stores memory under ./ .bot_memory by default, and exposes an optional localhost web viewer — no unexplained network calls or secret exfiltration are present.
Guidance: This skill is a local agent framework and appears coherent with its description, but it executes Python callables directly (PolicyExecutor.execute) and stores information under ./.bot_memory by default. Before running: (1) run inside a virtual environment (install.sh recommends this), (2) inspect any Botfile or third-party tools you register to ensure they don't perform unwanted filesystem or network actions, (3) be aware there is no OS-level sandboxing — policies are runtime checks only, not enforcement of OS restrictions, and (4) the web viewer binds to 127.0.0.1 by default (local only). If you plan to register or load untrusted code, treat it as potentially able to perform arbitrary local actions and isolate it accordingly.

Review Dimensions

Purpose & Capability: okName/description (local-first agent framework) aligns with the delivered files: agent core, multi-agent coordinator, tool registry, policy layer, local web viewer, and examples. Declared requirements (none) are consistent with a pure-Python, local-first demo framework.
Instruction Scope: noteSKILL.md and example code are focused on local execution and explicitly state no outbound network by default. The runtime instructions and code read/write a local memory directory (./.bot_memory or BOT_MEMORY_DIR) and optionally load a Botfile. The code can execute arbitrary Python callables via PolicyExecutor.execute (no OS-level sandboxing) — this is expected for a framework but is a behavioral surface the user should understand and control (only register trusted tools).
Install Mechanism: okNo platform install spec is declared (instruction-only from registry), though an install.sh and requirements.txt are included for manual setup (pip install -r requirements.txt). No downloads from untrusted URLs or archive extraction are present.
Credentials: okNo required credentials or env vars are declared. The code optionally respects BOT_MEMORY_DIR to configure local memory storage. No secret-scoped environment variables are requested or used.
Persistence & Privilege: okalways is false and the skill does not request elevated platform privileges or modify other skills. It persists local agent memory under a local directory it creates (./.bot_memory) which is proportional to its purpose.