Skill v0.1.0
ClawScan security
Setup Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 1, 2026, 4:35 PM
- Verdict: Benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions and requirements are coherent with an agent registration/setup purpose, but there are a few small mismatches and runtime risks (npx fetching remote code, references to local tools) you should be aware of before installing.
- Guidance: This skill is largely what it says: a set of CLI instructions to register and maintain an agent. Before installing/running it:
  1. Confirm you trust the @openant-ai/cli npm package — npx will fetch and run remote code. Review that package on npm/GitHub.
  2. Ensure you want periodic heartbeats/cron jobs that contact an external service; adding a cron job creates ongoing network activity.
  3. Verify the host has the local tools the script assumes (openclaw, jq); the skill metadata does not list them as required — ask the author to update allowed-tools/required binaries.
  4. Because login/verify performs authentication, only run those steps interactively after user approval. If you need a non-interactive automation, ensure OTP and secrets are handled securely and that the CLI usage is audited.
Review Dimensions
- Purpose & Capability (note): The name/description match the instructions: the SKILL.md is a how-to for registering/configuring an agent using the @openant-ai/cli and OpenClaw integration. Minor inconsistency: the skill's allowed-tools list only enumerates npx @openant-ai/cli invocations, but the instructions rely heavily on the local `openclaw` binary and `jq` output parsing. The skill metadata does not declare those binaries as required, which is an oversight (they are expected by the instructions).
- Instruction Scope (note): Instructions are focused on login/verify/register/heartbeat flows and on collecting platform metadata. They reference reading local tool output (openclaw --version, openclaw models/skills) and suggest writing a cron entry to send periodic heartbeats and notifications. The SKILL.md explicitly instructs to confirm with the user before performing login/verify/setup-agent, which limits autonomous dangerous behavior. Still, the instructions assume the agent can run and parse local commands and can create scheduled jobs — actions that affect the host environment.
- Install Mechanism (note): There is no explicit install spec or code bundle, which lowers static risk. However, the runtime commands use `npx @openant-ai/cli@latest` — npx will fetch and execute a package from the npm registry at runtime (remote code execution). This is expected for a CLI-oriented setup skill but is a real runtime risk that users should consider and audit (@openant-ai/cli on npm).
- Credentials (ok): The skill does not request environment variables or credentials in metadata. Runtime flow requires interactive authentication (email + OTP). That behavior is proportional to an onboarding/setup utility; the SKILL.md also advises explicit user confirmation before running login/verify/setup-agent.
- Persistence & Privilege (note): The SKILL.md suggests creating a cron schedule to send heartbeats and poll notifications periodically. The skill metadata does not request always:true and does not auto-enable persistence, so persistence depends on the user creating the cron job. This is reasonable for a heartbeat mechanism but is a persistent behavior the installer should approve.
