Skill v0.2.0
ClawScan security
Friends DB · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 16, 2026, 7:11 AM
- Verdict
- Benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and resource access are coherent with a local friends CRM: it reads/migrates friends.md, manages a private SQLite DB in the OpenClaw workspace, and exposes search/update commands; nothing obvious is disproportionate, but the sync-calendar/subprocess behavior should be reviewed before use.
- Guidance
- This skill appears to do what it claims: manage a local, private friends SQLite DB and migrate from friends.md. Before installing or invoking it:
  1. Inspect the remainder of scripts/friends_db.py (the truncated portion) to confirm what sync-calendar does and whether any subprocess calls contact external servers or execute shell commands with user-provided strings.
  2. Expect the skill to create a hidden DB under your OpenClaw workspace (it sets restrictive filesystem permissions). If you plan to use calendar sync, confirm how credentials are obtained (it does not declare required credentials in metadata).
  3. Run it in a controlled environment (or review the code line-by-line) if you have sensitive data in your workspace.
  Overall coherence is good, but review the subprocess/calendar code to raise confidence to high.
Review Dimensions
- Purpose & Capability
- ok · Name/description match the shipped script and assets. The script operates on a local SQLite DB in the OpenClaw workspace and provides search, show, CRUD, and migration commands, all consistent with a 'friends DB' helper. No unrelated services or credentials are requested.
- Instruction Scope
- note · SKILL.md restricts operations to the helper script and points to specific CLI commands (migrate, search, show, set-*, log-interaction, sync-calendar). It reads the workspace friends.md and the local DB. One caveat: sync-calendar and the script import subprocess (the truncated portion is not fully visible), which suggests the script may call external calendar tooling or shell commands. That behavior is within scope if used to read calendar events, but you should review exactly what sync-calendar does and what subprocess calls it makes to ensure it doesn't call unexpected network endpoints or shell out with unsanitized input.
- Install Mechanism
- ok · No install spec; this is instruction-only with a bundled Python script and JSON asset. No downloads, package installs, or archive extraction are performed by the skill metadata.
- Credentials
- ok · No required environment variables or credentials are declared. The script reads optional env vars (OPENCLAW_WORKSPACE, OPENCLAW_FRIENDS_DB_DIR, OPENCLAW_FRIENDS_CALENDAR_ACCOUNT/ID/TIMEZONE) that are directly relevant to configuring where the DB and calendar account live. No unexpected secret access is requested.
- Persistence & Privilege
- ok · always is false and the skill does not request elevated platform privileges. It creates and writes a private DB under the workspace and enforces 0700/0600 permissions for dirs/files. It does not modify other skills or global agent settings.
