Back to skill
Skillv1.0.0
ClawScan security
AI System Maintenance · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
ReviewMar 15, 2026, 11:24 AM
- Verdict
- Review
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The instructions tell the agent to run a local maintenance script and read logs (which fits the stated purpose) but the skill fails to declare or justify access to those specific admin paths and gives no safeguards, so its behavior is coherent but potentially risky and under-specified.
- Guidance
- Before installing or enabling this skill: (1) Inspect /home/admin/.openclaw/workspace/scripts/system-maintenance.sh and ~/workspace/SYSTEM_MAINTENANCE.md yourself to see exactly what the script will do (file operations, network calls, privilege escalations). (2) Require the skill to ask for explicit user confirmation before running the script, and log/preview proposed changes. (3) If possible, run the script manually in a sandbox or on a test system first. (4) Consider restricting invocation so it cannot run autonomously without your approval. (5) If you don't trust the script author or can't review the script, do not enable this skill.
Review Dimensions
- Purpose & Capability
- noteName and description (system health checks/maintenance) align with running a maintenance script and summarizing results. However, the skill references a specific admin path (/home/admin/.openclaw/...) and a system doc in the user's home without declaring required config paths or explaining why that exact location is needed.
- Instruction Scope
- concernSKILL.md explicitly instructs the agent to execute /home/admin/.openclaw/workspace/scripts/system-maintenance.sh and to read logs and a SYSTEM_MAINTENANCE.md file. That grants the agent broad file-system access and ability to run arbitrary code on the host. There are no checks, confirmation steps, validation of the script, sandboxing, or limits on what 'repairs' may be performed.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files — nothing is written to disk by the skill itself. This is the lowest install risk.
- Credentials
- concernThe skill accesses sensitive local paths (an admin home path and logs) yet declares no required config paths or credentials. This mismatch is concerning because it does not document the need for access to those locations or request explicit user consent/confirmation before operating on them.
- Persistence & Privilege
- notealways is false (good). The skill allows autonomous model invocation (platform default), meaning the agent could run the script without further user interaction; combined with the ability to execute a local admin script, this increases the blast radius. The skill does not request persistent installation, nor does it modify other skills.