Skill v2.0.0

ClawScan security

Immigration · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 9, 2026, 12:52 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (local immigration guidance + local-only storage) largely matches the provided scripts, but the runtime instructions reference many modules that are not included, and there are small but meaningful inconsistencies about where data is stored. This mismatch warrants caution before installing the skill or using it with real sensitive data.
Guidance
This skill mostly implements local checklist and deadline features, but the package is incomplete compared to its documentation. Before installing or entrusting sensitive immigration data:

- Expect missing features: Several scripts the README instructs the agent to run are not included (pathway_finder.py, prep_interview.py, document_inventory.py, etc.). Ask the publisher for the missing files or an updated package.
- Verify storage location: The scripts write to ~/.openclaw/workspace/memory/immigration (hidden folder in the user's home). If you expect data to live elsewhere (project workspace), update the scripts or run them in a controlled environment.
- Audit the omitted scripts: The evaluation only saw 4 script sources; the remaining referenced utilities may contain network calls or other behavior. Obtain and review those files (or run in an isolated sandbox) before adding real PII.
- Backup & encrypt sensitive files: Immigration records are highly sensitive. If you use this skill, store files in an encrypted location and limit permissions on the memory directory.
- Test in a sandbox: Run the included scripts in a throwaway environment to confirm they behave as expected and that no network traffic occurs.

What would change this assessment to 'benign': provide the missing referenced scripts and/or an updated SKILL.md so the declared capabilities match the shipped code, and confirm the omitted scripts contain no network or external credential usage. If those files contain unexpected network calls or credential access, the assessment would become higher risk.

Review Dimensions

Purpose & Capability
concern
The description promises pathway analysis, checklist generation, deadline tracking and interview prep. Only a subset of the referenced scripts are included (add_deadline.py, generate_checklist.py, list_deadlines.py, track_application.py). The SKILL.md and references repeatedly call scripts that are not present (e.g., pathway_finder.py, prep_interview.py, document_inventory.py, post_approval_checklist.py, check_processing_time.py). That creates a capability mismatch: the package claims many features it does not actually ship.
Instruction Scope
concern
SKILL.md instructs storing sensitive immigration data locally and not transmitting it, which the included scripts appear to follow. However, the instruction set references many absent scripts and uses a relative storage path in docs ('memory/immigration/') while the provided scripts write to a hard-coded ~/.openclaw/workspace/memory/immigration path. The mismatch could lead the agent to attempt running non-existent commands or to store data in a different location than the user expects.
Install Mechanism
ok
No install spec is provided and the skill is instruction-plus-scripts only; there are no remote downloads or third-party package installs in the included files. This is low risk from an installation/execution-supply perspective for the files that are present.
Credentials
ok
The skill declares no required environment variables, no credentials, and the provided scripts do not access external secrets or network resources. For the included files, requested environment access is minimal and proportionate to the stated purpose.
Persistence & Privilege
ok
Flags show always:false and model invocation is allowed (default). The skill stores data locally under a hidden directory (~/.openclaw/workspace/memory/immigration) but does not request system-wide privileges or modify other skills. The local storage location is persistent but limited to user space.