Skillv1.5.6

ClawScan security

Asf V4 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewApr 15, 2026, 7:41 AM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill mostly matches a governance/optimization purpose but contains multiple inconsistencies—most notably declared 'no env vars' while shipped scripts and config reference provider API keys and system config files—so treat it as suspicious until you or a security reviewer audits the code and config changes.
Guidance: What to consider before installing: - Inconsistency flag: the registry says no env vars required, but shipped scripts mention ANTHROPIC_API_KEY, OPENAI_API_KEY, DEEPSEEK_API_KEY and print instructions to set them. Do not assume 'none' — inspect files for hidden requirements. - Review before running scripts: scripts/update-providers-config.js reads/writes ../../../openclaw.json (it modifies platform provider/fallback configuration). Do not run that script unless you understand and approve the exact changes and have backups of your openclaw.json. - Audit network endpoints: the package references external providers (openai, anthropic, deepseek). Confirm endpoints are legitimate and that keys are managed securely. - Inspect code for config writes: search repository for filesystem writes and network calls (especially any code that mutates OpenClaw configs or memory). Pay attention to any file paths outside the skill directory. - Sandbox first: install and run in an isolated environment or staging instance. Verify behavior (no unexpected provider additions, no outbound calls) before deploying to production. - If you lack capacity to audit: ask a developer or security reviewer to check the following files at minimum: scripts/update-providers-config.js, config/asf-v4.config.yaml, integrations/* (memory-extension.ts, agent-status-extension.ts), and any code that references openclaw.json or other system-level paths. Why suspicious (short): declared metadata understates required credentials and side-effects; shipped code can modify global OpenClaw configuration (provider list/fallbacks) and write to platform memory/status — operations that should be explicit and limited. Proceed only after code review or in a sandbox.

Review Dimensions

Purpose & Capability: noteThe skill's name, SKILL.md, and skill.yaml describe governance/veto/ownership/economics features and the repository contains many corresponding modules (veto enforcer, ownership proof, memory and agent-status integrations). That is broadly coherent. However the manifest/registry metadata claims 'required env vars: none' and 'no required binaries' while included scripts and config mention provider API keys and write to OpenClaw config files — a mismatch between declared requirements and actual code.
Instruction Scope: concernSKILL.md provides usage and high-level architecture only, but the shipped code and scripts include operations that touch host configuration (scripts/update-providers-config.js reads/writes ../../../openclaw.json), add provider entries, and enable writing to platform memory/status (config/asf-v4.config.yaml). The runtime instructions in SKILL.md do not call out these system config modifications or the environment variables the scripts expect, granting the skill broad discretion that isn't documented in the user-facing instructions.
Install Mechanism: noteNo install spec is declared (the package is effectively distributed as code in the bundle), which avoids remote downloads. That's lower install risk than a remote fetch, but it's inconsistent with SKILL.md's 'clawhub install' hint. The package contains many files and scripts that will be present on disk after install—so review before running any included scripts.
Credentials: concernRegistry metadata says 'Required env vars: none' and 'Primary credential: none', yet scripts (e.g., scripts/update-providers-config.js) reference ANTHROPIC_API_KEY, OPENAI_API_KEY, DEEPSEEK_API_KEY and print warnings about them. The skill's code/config also declares integrations that write to OpenClaw memory/status and may accept provider configuration. This mismatch (no declared env vs code expecting provider keys and being able to modify agent/provider config) is disproportionate and suspicious.
Persistence & Privilege: concernalways:false (good), but the skill includes integrations/config that will write change events to OpenClaw memory and extend agent status (integration flags in asf-v4.config.yaml). More concerning: an included script targets ../../../openclaw.json (system config) to add/modify model providers and fallback chains, which can alter which model endpoints the platform uses. That level of system/config modification is powerful and should be clearly declared and reviewed before use.