Skill v0.1.3
ClawScan security
Bluebubbles Healthcheck · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 26, 2026, 4:07 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's scripts largely match their stated purpose (diagnose and heal local BlueBubbles ↔ OpenClaw issues), but there are inconsistencies and modest risks you should understand before installing.
- Guidance: what to know before installing
  - The scripts legitimately need the BlueBubbles API password (BB_PASSWORD). The top-level registry metadata omitted this, so provide BB_PASSWORD only when you intend to run the scripts, and treat it as sensitive.
  - Intended use is local-only: the defaults are 127.0.0.1 (BB_URL) and a localhost webhook. Do not point BB_URL or OPENCLAW_WEBHOOK_URL at remote systems unless you explicitly understand and accept that the password and the webhook registration will be sent to that remote host.
  - The reset script registers a webhook URL containing ?password=..., so the password will be stored in BlueBubbles' webhook config on disk (documented by the skill). This is required by the integration, but it is a persistent secret on the machine.
  - Use --dry-run first to see the planned actions. Inspect the scripts (they are small and included) and test on a non-production or local machine if possible.
  - If you manage multiple agents or remote BlueBubbles instances, avoid letting this skill run automatically against unknown endpoints. To harden: keep BB_URL and OPENCLAW_WEBHOOK_URL at 127.0.0.1, prefer an Authorization header for API calls where possible, and ensure logs and backups do not leak the stored webhook config.
  - Because the registry metadata and SKILL.md disagree about the required credentials, ask the publisher (or update the skill) to declare the required environment variables clearly before granting secrets to the agent.
Review Dimensions
- Purpose & Capability (note): The name and description align with the scripts' behavior: they query the BlueBubbles API, reset webhooks, and restart the OpenClaw gateway. However, the registry metadata provided with the skill (top-level metadata) does not declare the BB_PASSWORD credential even though SKILL.md and every script require it; that inconsistency could confuse users and permission systems.
- Instruction Scope (note): Runtime instructions and scripts are focused on local diagnostics and healing (HTTP calls to BlueBubbles at BB_URL, listing/deleting/creating webhooks, a POST to the local OpenClaw webhook, and an optional openclaw gateway restart). This stays within the stated purpose. Caveat: the scripts accept arbitrary BB_URL and OPENCLAW_WEBHOOK_URL values supplied by the user; if these point at remote hosts, the scripts will transmit BB_PASSWORD and register webhooks remotely, which is outside the local-only usage described in the docs.
- Install Mechanism (ok): Instruction-only skill with bundled shell scripts; there is no package download or archive extraction. It relies on standard CLI tools (curl, python3, nc) and the openclaw CLI when available. Low install-mechanism risk.
- Credentials (concern): The scripts require a sensitive secret (BB_PASSWORD) and include that secret in webhook registration URLs so that BlueBubbles can authenticate callbacks. That is functionally necessary for this integration and is documented, but the top-level registry metadata does not declare this required credential. Also, because the password is embedded in URLs, a misconfigured BB_URL or OPENCLAW_WEBHOOK_URL (pointing at remote services) could cause unintended disclosure or exfiltration of the password.
- Persistence & Privilege (ok): The skill does not request always: true and does not attempt to modify other skills or system-wide agent configs. It runs on demand, and its actions are limited to local service management and API calls.
