Skill v1.0.0

ClawScan security

Healthcheck Ready · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 21, 2026, 11:23 PM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is a simple, local health-check script that is internally consistent with its stated purpose, but the SKILL.md slightly overstates scope (claims 'up-to-date and hardened' checks while the script only reports resource usage and service presence). No network calls, credentials, or install steps are requested.
Guidance
This script appears benign and limited to local diagnostics: it checks disk, CPU and memory usage, lists the top CPU-consuming processes, and looks for sshd, cron, and an 'openclaw-gateway' process. Before running it, review the script (you already have its contents). Keep in mind: (1) it does not check whether software is up to date or whether the system is 'hardened'; if you need that, add package/version and configuration checks; (2) run it as a non-privileged user where possible (it reads system state but does not require root); (3) the script itself makes no network calls and accesses no credentials, so it has no path to exfiltrate data; (4) SKILL.md is vague and overclaims scope, so treat this as a lightweight local healthcheck, not a comprehensive security audit. If you want stronger guarantees, run it in a sandbox, or extend it with signed update/version checks and configuration validation.
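As an added example (not the skill's own script, whose contents are not reproduced on this page), the following POSIX shell healthcheck has the shape the verdict describes (df, uptime, free, ps, pgrep; read-only; no root) and adds the configuration-validation step the Guidance suggests as an extension. The service names, the three sshd directives and their hardened values, the first-occurrence rule, and the sshd_config path are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not the skill's own script. It mirrors the behaviour the
# scan describes (df/uptime/free/ps/pgrep, read-only, no root) and adds the
# configuration check the scan says is missing. Service names, directives
# and the sshd_config path are assumptions for illustration.

# Resource snapshot: the read-only commands the scan lists.
report_resources() {
    echo "== disk ==";   df -h / 2>/dev/null || echo "df unavailable"
    echo "== load ==";   uptime 2>/dev/null || echo "uptime unavailable"
    echo "== memory =="; free -m 2>/dev/null || echo "free unavailable"
    echo "== top cpu =="
    ps -eo pid,pcpu,comm 2>/dev/null | sort -k2 -nr | head -5
}

# Service presence by exact process name, as pgrep does in the script.
# Prints "present" or "absent"; never needs root.
service_present() {
    if pgrep -x "$1" >/dev/null 2>&1; then echo "present"; else echo "absent"; fi
}

# Configuration validation: the part SKILL.md claims but the script lacks.
# Reads sshd_config-style text on stdin, prints one "WEAK ..." line per
# directive that is absent or not at the hardened value, and returns 1 if
# any were found. sshd honours the first occurrence of a directive, so the
# first value wins here too; Match blocks are not handled (simplification).
check_sshd_config() {
    awk '
    BEGIN {
        want["permitrootlogin"]        = "no"
        want["passwordauthentication"] = "no"
        want["pubkeyauthentication"]   = "yes"
        weak = 0
    }
    { sub(/#.*/, "") }                  # drop comments
    /^[ \t]*$/ { next }                 # skip blank lines
    {
        key = tolower($1); val = tolower($2)
        if ((key in want) && !(key in seen)) seen[key] = val
    }
    END {
        for (k in want) {
            if (!(k in seen)) {
                print "WEAK " k " not set (sshd default applies)"; weak = 1
            } else if (seen[k] != want[k]) {
                print "WEAK " k "=" seen[k] " (want " want[k] ")"; weak = 1
            }
        }
        exit weak
    }'
}

# Run everything when invoked as: sh healthcheck.sh run
main() {
    report_resources
    for svc in sshd cron openclaw-gateway; do
        echo "service $svc: $(service_present "$svc")"
    done
    echo "== sshd_config =="
    if [ -r /etc/ssh/sshd_config ]; then
        check_sshd_config < /etc/ssh/sshd_config && echo "OK"
    else
        echo "not readable, skipping"
    fi
}
case "${1:-}" in run) main ;; esac
```

The check function is deliberately separate from the reporting code so it can be fed a captured config in a sandbox without touching the live host; a directive that is merely absent is reported as weak because the daemon default then applies, which is exactly the case a "hardened" claim needs to rule out.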

Review Dimensions

Purpose & Capability
note: The name/description promise of a 'quick risk posture check' aligns with the shipped checks (disk, CPU load, memory, top processes, and presence of key services). However, SKILL.md's wording 'confirm OpenClaw is up-to-date and hardened' is not implemented: the script does not check package updates, versions, configuration hardening, file permissions, or CVEs. Overall capabilities are proportionate to a local healthcheck, but the documentation overclaims a bit.
Instruction Scope
note: SKILL.md is a short scaffold that simply instructs running a healthcheck. The actual script only reads local system state via standard commands (df, uptime, free, ps, pgrep) and prints results. It does not access external endpoints, environment variables, or unrelated files. The minor scope issue is the mismatch described above (no update/hardening checks).
Install Mechanism
ok: There is no install spec and the skill is instruction-only with a single shell script. Nothing will be downloaded or written by an installer. This is low risk from an install-mechanism perspective.
Credentials
ok: The skill requests no environment variables, credentials, or config paths. The script runs only local, read-only system commands and checks process presence (pgrep). No secret access is requested or implied.
Persistence & Privilege
ok: always:false is set, and the skill has no install behavior or self-modification. The skill does not request persistent privileges or modify other skills or system configuration. It can be invoked by the agent, but that is the platform default and not a problem here.