Skill v2.1.0

ClawScan security

Note · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 10, 2026, 4:37 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's core capture script is simple and local, but the documentation promises many additional scripts and reference files that are not included — this mismatch and a small bug make the package internally inconsistent.
Guidance
The capture script itself is simple and stores notes locally (no network calls), but the skill's documentation advertises many additional scripts and reference files that are not included — so the package as provided cannot perform search, synthesis, meeting prep, or connection-building. Before installing: (1) ask the publisher for the missing scripts or a full source bundle, (2) manually inspect any additional scripts before running them, (3) be aware notes will be written to ~/.openclaw/workspace/memory/notes/notes.json, and (4) note a minor bug in capture_note.py (tags handling will crash if --tags is omitted) — you may want to run it in a test environment first. Because of the documentation vs. file mismatch, treat this skill cautiously until the missing components are provided and reviewed.

Review Dimensions

Purpose & Capability
note · The name/description (local note capture, organization, retrieval) match the included capture script: it writes notes as JSON to a local path. However, SKILL.md advertises many other scripts (find_notes.py, synthesize.py, connect_notes.py, references/*.md) and features (automatic topics, project organization, search index) that are not present in the file manifest. That gap means the skill as shipped cannot deliver the documented capabilities.
Instruction Scope
concern · SKILL.md instructs the agent to run multiple scripts for searching, connecting, synthesizing, and preparing meetings, but only scripts/capture_note.py is included. The instructions therefore promise actions the agent cannot execute. The document repeatedly asserts 'All data stored locally' which aligns with the included script, but the missing scripts and reference files are a clear scope mismatch.
Install Mechanism
ok · No install spec (instruction-only with one local Python script). No downloads or external installers are used — low install risk.
Credentials
ok · The skill requires no environment variables or external credentials and performs only local file writes. It stores notes under ~/.openclaw/workspace/memory/notes/notes.json which is consistent with local-only storage. This access level is proportional to a note-capture tool.
Persistence & Privilege
ok · The skill is not forced-always or declared to modify other skills or system settings. It writes to its own files under the user's home directory only. Autonomous invocation is allowed by default (normal for skills) but not combined with other high-risk factors here.