Back to skill
Skillv1.2.1
ClawScan security
OpenClaw Cofounder Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 26, 2026, 8:59 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requests and runtime instructions are coherent with its purpose: it only needs a CoFounder API token and curl/jq to fetch build specs and instructs the agent to require user confirmation before spawning sub-agents.
- Guidance
- This skill appears to do what it says, but before installing: 1) Only provide a COFOUNDER_API_TOKEN you trust—treat it like any API secret; don't paste it into chat or public places. 2) Verify the npx/clawhub package source if you follow the README install instructions. 3) When fetching a build spec, carefully review all included files and generated commands (the build spec may contain shell commands, package installs, or endpoints). 4) Always run builds in an isolated directory or container and follow the skill's own requirement to confirm each sub-agent/phase — do not allow blind execution. 5) Be cautious about approving actions that request additional credentials (cloud, DB, or third‑party API keys) and rotate or revoke the COFOUNDER_API_TOKEN if you suspect misuse.
Review Dimensions
- Purpose & Capability
- okThe name/description (fetch CoFounder.im projects and build specs) match the declared requirements: curl and jq for HTTP/JSON work and a single COFOUNDER_API_TOKEN env var for API access. No unrelated credentials or binaries are requested.
- Instruction Scope
- okSKILL.md limits behavior to listing projects and fetching build specs from CoFounder.im endpoints and explicitly requires user approval before spawning sub-agents or running verification commands. It does not instruct the agent to read unrelated files or pull other environment variables. Note: build-specs themselves may contain commands that reference external services or request additional credentials — the skill documents this and requires user review.
- Install Mechanism
- okThis is an instruction-only skill with no install spec or code files, which is the lowest-risk model. README suggests installing via npx/clawhub (external tools) but the skill package itself does not download or execute third-party archives.
- Credentials
- okOnly COFOUNDER_API_TOKEN is required and declared as the primary credential, which is appropriate for the stated API integration. The documentation warns that fetched build plans may reference other tools or credentials and instructs users to review those before use.
- Persistence & Privilege
- okThe skill is not marked always:true and does not request elevated platform privileges. Autonomous invocation is allowed (platform default), but SKILL.md mandates explicit user confirmation before spawning sub-agents, reducing autonomous risk.