Skill v0.1.7

ClawScan security

OpenClaw Agent Compute · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 9, 2026, 4:01 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally coherent: it is a simple HTTP client for a private Compute Gateway and only needs a gateway URL and API key; nothing in the code or instructions suggests unrelated access or hidden behavior.
Guidance
This skill appears to do what it says: act as an HTTP client for a private Compute Gateway. Before installing:
1) verify the MCP_COMPUTE_URL points to a gateway you control/trust (the API key will be sent there),
2) keep MCP_COMPUTE_API_KEY secret and scoped to minimal permissions on the gateway,
3) note the registry metadata omitted required env vars — ensure you set MCP_COMPUTE_URL and MCP_COMPUTE_API_KEY as shown in .env.example,
4) review the GitHub repo (README references one) and the two JS files to confirm no changes,
5) run npm install and the starter-kit in an isolated or development environment first and pin dependency versions or use audit tools if you plan production use.

Review Dimensions

Purpose & Capability
note: The name/description (compute client for a private gateway) matches the code and SKILL.md. However, registry metadata claims no required env vars while SKILL.md, .env.example, and the client code clearly require MCP_COMPUTE_URL and MCP_COMPUTE_API_KEY — this metadata mismatch should be corrected but does not indicate malicious behavior.
Instruction Scope
ok: SKILL.md and README limit runtime actions to configuring env vars, running npm and the provided example, and using the defined compute HTTP endpoints (sessions, exec, artifacts). The instructions do not ask the agent to read unrelated files or secrets; the code only reads the two declared env vars.
Install Mechanism
note: There is no install spec in the registry (instruction-only), but the package includes code and a package.json with standard dependencies (dotenv, undici). Running the example requires npm install — this is low-to-moderate risk and expected for a JS client, but users should review dependencies and run in an isolated environment if concerned.
Credentials
ok: The skill only requires a base URL and a bearer API key for the private compute gateway, which are proportionate to its purpose. Reminder: the API key grants whatever privileges the gateway exposes, so treat it as sensitive.
Persistence & Privilege
ok: The skill does not request always: true or other elevated platform privileges. It does include a starter-kit that passes env vars into a Docker container (expected for this use case). Autonomous invocation is allowed by default but is not combined with any unusual privileges here.