Skill v3.0.0

ClawScan security

Consulting · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 10, 2026, 6:10 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill claims a full consulting practice toolkit but only includes a single local scoping script and several referenced scripts/files are missing — behavior is otherwise local and low-risk but the implementation is incomplete and inconsistent with the documentation.
Guidance
This skill's documentation claims multiple scripts and reference files, but the package only includes scope_engagement.py. That makes the skill incomplete rather than malicious. Before installing or using it:
1) Inspect the included script (already done) — it only writes a JSON under ~/.openclaw/workspace/memory/consulting and prints prompts (no network activity).
2) Ask the publisher or check the source for the missing scripts and reference files (write_proposal.py, structure_pricing.py, etc.) if you need those features.
3) If you proceed, run it in a sandbox or test account first; note it will create/modify ~/.openclaw/workspace/memory/consulting/engagements.json, so back up or adjust the path if that's a concern.
4) If you expect a full toolkit from this skill, treat the current package as incomplete and avoid relying on it for production use.
If additional files appear that contact external endpoints or request credentials, reassess — that would raise the risk level.

Review Dimensions

Purpose & Capability
concern
The name/description promise a multi-script consulting system (scoping, proposals, pricing, deliverables, relationships). The package only contains one script (scope_engagement.py). SKILL.md references many scripts and reference files that are not included. The one included script does match the 'scope engagement' capability, but the overall claim-to-implementation mismatch is problematic.
Instruction Scope
concern
Runtime instructions in SKILL.md instruct the agent to run many scripts (write_proposal.py, structure_pricing.py, etc.) that are not present. The SKILL.md also documents local memory paths; the actual script writes to ~/.openclaw/workspace/memory/consulting, which is consistent in intent but not exactly the same literal path described earlier. The instructions do not perform network calls or request credentials, so there's no immediate exfiltration risk, but the missing files mean the agent may attempt to run nonexistent commands and fail or behave unexpectedly.
Install Mechanism
ok
No install spec — instruction-only plus a small local script. Nothing is downloaded or extracted; no package installs are requested.
Credentials
ok
No environment variables, credentials, or external config paths are required. The script only reads/writes a local JSON file under the user's home directory.
Persistence & Privilege
ok
Skill is not marked always:true and does not request elevated privileges or modify other skills. It writes its own data under a dot-directory in the user's home — expected for a local memory store.