Skill v1.0.0

ClawScan security

Create SubAgent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 28, 2026, 3:15 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's declared purpose (create and manage SubAgents) matches its instructions and does not request unrelated credentials or installs, though there are minor documentation inconsistencies and a small amount of scope creep around system config guidance.
Guidance
This skill appears to do what it says: help you create and manage SubAgents using platform APIs (/subagents, sessions_spawn). Before installing, confirm you trust the platform endpoint (clawhub.ai) and that you have permission to spawn agents on your instance. Note the README refers to a PowerShell script (create-subagent.ps1) but no script is included — treat that as stale documentation unless the publisher supplies code. Also be aware the docs mention editing openclaw-config.json and restarting the Gateway to enable subagents; making those changes requires administrative privileges and is outside the skill's normal scope. If you are uncomfortable giving an agent the ability to autonomously spawn/steer other agents, restrict autonomous invocation on your platform or review platform audit/logging to monitor spawned SubAgents.

Review Dimensions

Purpose & Capability
ok: Name/description align with the SKILL.md: templates, creation flow, and management commands all relate to creating and controlling SubAgents. The skill does not request unrelated binaries, env vars, or credentials.
Instruction Scope
note: Instructions stay largely within the stated purpose (ask user, build task/label, call sessions_spawn, and offer /subagents management commands). Two minor issues: (1) SKILL.md and README suggest checking/modifying openclaw-config.json and restarting the Gateway — that references editing platform configuration and requires elevated/system access outside a simple creation flow; (2) README documents a create-subagent.ps1 script (usage examples) but no script is included in the package, an inconsistency in the files. Neither is evidence of malicious intent but they are worth attention.
Install Mechanism
ok: No install spec and no shipped code to execute. Instruction-only skills are lower risk because nothing is downloaded or written by the skill itself.
Credentials
ok: The skill requests no environment variables or credentials and does not prompt for secrets. Templates reference tools (web_search, exec, etc.) that SubAgents might use, which is expected. No unrelated credentials or config paths are requested.
Persistence & Privilege
ok: The skill is not marked always:true and does not claim permanent system presence. It instructs use of platform session spawning APIs but does not attempt to modify other skills or persist credentials.