Skill v2.0.1
ClawScan security
proof · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 16, 2026, 5:55 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files, declared requirements, and runtime instructions are coherent with a local-first ZKP toolkit and do not request unrelated credentials or network access.
- Guidance: This skill appears coherent and local-only, but take these precautions before installing: (1) confirm you trust and/or inspect the bundled scripts (they currently have commented-out subprocess calls that would execute local CLIs if enabled); (2) ensure you have the required local toolchain (node/snarkjs/zokrates/python) installed from trusted sources; (3) be aware the skill will create and read/write files under ~/.openclaw/workspace/proof, so check file permissions and contents it generates; (4) if you plan to enable or modify the scripts to run external CLIs, review those commands to ensure they don't invoke unexpected network or privileged operations.
Review Dimensions
- Purpose & Capability: ok. Name/description, declared required binaries (node, snarkjs, zokrates, python3), and the two small scripts (zkp_tool.py, verify_lib.py) are consistent with a local ZKP/formal-check toolkit. The presence of optional ZoKrates and SnarkJS aligns with the stated purpose.
- Instruction Scope: ok. SKILL.md instructs the agent to call the included scripts and operate in the declared workspace (~/.openclaw/workspace/proof). The scripts only read/write local files and create a workspace directory; there are no instructions to read unrelated system files, environment variables, or transmit data externally. Commented-out subprocess calls show where local CLIs (snarkjs, slither, zokrates) would be used; this is expected for the stated purpose.
- Install Mechanism: ok. No install spec is provided (instruction-only behavior), and the included Python scripts are small. The skill does not download or extract code from remote URLs. Required toolchains are declared but not installed by the skill, which is appropriate for a local-toolchain-dependent skill.
- Credentials: ok. The skill requires no environment variables or credentials and the skill.json permissions explicitly disable network and environment variable access. That matches the claim of local-only computation.
- Persistence & Privilege: ok. "always" is false and the skill does not request system-wide modifications or persistent daemons. Autonomous invocation is allowed by default but is not combined with elevated privileges or broad credential access.
