Skill v1.0.0

ClawScan security

Openclaw Local Storage · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 24, 2026, 4:08 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code and instructions are consistent with its stated purpose (a local JSON-based CRUD storage implemented in Node.js); nothing in the files attempts network exfiltration or requests unrelated credentials, though there are minor packaging oddities to be aware of.
Guidance
This skill appears to do what it says: local JSON CRUD via Node.js. Before installing: (1) note that data is written to data.json inside the skill folder — do not store sensitive data there and check file permissions; (2) package.json unnecessarily lists built-in modules ('fs' and 'path') as dependencies — harmless but unusual; (3) there are no network calls, external endpoints, or requested credentials in the code, which lowers risk; (4) if you will run this on a shared system, consider running it in a restricted environment and back up the data file. If you need stronger guarantees, review/scan the code locally (especially any future changes) and run it in an isolated environment first.

Review Dimensions

Purpose & Capability: ok
Name/description promise a local Node.js JSON-backed CRUD store. The included source (parser, storage, analyzer, index) implements exactly that and does not request unrelated resources or credentials.

Instruction Scope: ok
SKILL.md instructs only local data entry and one-line natural-language commands. The runtime code reads/writes a local data.json file and parses commands; it does not read other system files, environment variables, or send data to external endpoints.

Install Mechanism: note
No install spec (instruction-only), which reduces risk. However, the package includes source files and a package.json; package.json lists 'fs' and 'path' under dependencies even though they are Node built-ins — this is unnecessary and atypical but not evidence of malicious behavior. There are no download URLs or archive extracts.

Credentials: ok
The skill declares no required environment variables or credentials and the code does not access environment-only secrets. Requested filesystem access is limited to a single local data.json file under the package directory, which is proportionate to the stated purpose.
Persistence & Privilege: ok
The "always" field is false and the skill does not attempt to modify other skills or system-wide agent settings. It only persists its own data to data.json and requires no elevated platform privileges.