Skill v0.2.0

ClawScan security

OpenLang · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 6, 2026, 4:56 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This skill is an instruction-only, self-consistent compact agent-to-agent messaging protocol (a language spec) and does not request credentials or install code.
Guidance
This skill is a message-format specification: it doesn't install code or ask for credentials, so it's internally coherent. However, OpenLang is expressly designed to encode commands targeting files, shells, networks, databases, and environment data; when used, it can concisely express actions that, if executed by downstream agents, could access or exfiltrate sensitive data. Before enabling or using this skill: (1) ensure any sub-agents that receive OpenLang messages have limited, audited capabilities; (2) avoid using OpenLang on human-facing channels (the SKILL.md warns against this); (3) consider logging, validating, or whitelisting OpenLang messages before execution to prevent hidden or compressed commands from performing unintended operations.

Review Dimensions

Purpose & Capability
ok: The name and description match the SKILL.md: it defines a compact OpenLang for agent-to-agent messages. Nothing requested (no env vars, binaries, or installs) is unexpected for a language specification.
Instruction Scope
note: The document defines sigils and examples that reference actions against wide-ranging targets (filesystem @fs, shell @sh, network @net, database @db, environment @env, processes @proc, etc.). That is coherent for a protocol intended to encode commands, but it means messages encoded with OpenLang could express operations that touch sensitive resources. The SKILL.md itself does not instruct the host to read secrets or call external endpoints, but it provides vocabulary for other agents to request such operations.
Install Mechanism
ok: No install spec and no code files: lowest-risk delivery (instruction-only). Nothing is downloaded or written to disk by this skill.
Credentials
ok: The skill declares no required environment variables or credentials. Although the protocol vocabulary includes @env and @usr scopes (which would refer to environment/user data when executed by capable agents), the skill itself does not request or store secrets.
Persistence & Privilege
ok: always is false and autonomous invocation is allowed (platform default). The skill does not request persistent presence or modify other skills or system settings.