Skill v1.0.0
ClawScan security
Security Audit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 16, 2026, 1:00 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill’s instructions and requirements are coherent with a local read‑only security audit of OpenClaw/Clawdbot; it asks for no credentials or installs, but the skill’s unknown source and the fact that it will read many sensitive local files mean you should exercise caution before running it on production hosts.
- Guidance: What to consider before installing/using this skill:
  - Source verification: the skill has no homepage and an opaque owner ID. Verify you trust the skill author before running it against production hosts.
  - Consent & privileges: many checks (journalctl, scanning /, reading service configs) may require root and will expose sensitive local data. Only run after explicit user consent and consider running on a staging/test host first.
  - No credential requests: the skill does not ask for API keys or secrets, but it will read local files that may contain secrets; ensure the agent is prevented from exfiltrating data (network egress controls) and that the skill follows its read‑only promise.
  - Review output handling: ensure the agent or the environment will not automatically transmit the report to external services. If you plan to allow remediation, give explicit, per‑action approval before any destructive commands are executed.
  - Alternative: if you’re uncomfortable granting broad read access, run the listed commands manually in a controlled session or paste sanitized outputs to a trusted auditor.
  Overall: the skill appears coherent and appropriate for a local audit, but because its origin is unknown and it touches sensitive files, proceed cautiously and with explicit consent.
Review Dimensions
- Purpose & Capability (ok): Name/description match the actions in SKILL.md: it enumerates checks for gateway presence, network exposure, config, skills, credentials, permissions, logs and processes. Nothing requested (no env vars, no installs) is disproportionate to the stated audit purpose.
- Instruction Scope (note): Instructions are explicitly read‑only and scoped to audit tasks (ps, ss, cat, journalctl, find, systemctl, reading ~/.openclaw). These commands will access many sensitive files and logs (e.g., journalctl, find / -perm ...) and some checks may require elevated privileges or produce large output; the skill correctly instructs not to exfiltrate secrets and to redact sensitive contents. Recommend explicit user consent before running privileged or broad scans.
- Install Mechanism (ok): No install spec or code files; an instruction‑only skill has minimal installation risk (nothing will be written to disk by the skill itself).
- Credentials (ok): The skill requests no environment variables, credentials, or configuration paths in the metadata. The runtime instructions do read local config and token locations (e.g., ~/.openclaw/, .env files), which is appropriate for an audit and consistent with the skill purpose.
- Persistence & Privilege (ok): The always flag is false and the skill does not request persistent installation or modification of other skills. The skill does not ask to enable itself permanently or to modify global agent config.
