v1.0.0

OpenClaw Compile Skill

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 1:02 PM.

Analysis

This skill is what it discloses itself to be, a local Markdown workflow, but it can move and edit files in the configured vault, run shell commands as checks, and optionally read local history through an external tool.

Guidance: Install only if you want an agent-assisted workflow that can read, write, move, and validate Markdown files in a local vault. Before use, explicitly configure the vault, inbox, transit, raw-material, and state directories; keep backups for important notes; and only enable QMD with a trusted local executable and appropriate collections.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
scripts/compile_archive.sh
mv "$SOURCE" "$RAW_TARGET" ... mv "$SRC_ASSET_DIR" "$RAW_ASSET_DIR"

The archive script moves the source Markdown file and its asset directory into the raw-material archive. That is expected for the skill, but it is still local file mutation: mv overwrites an existing destination file without asking, so a wrong RAW_TARGET can also clobber a note that was archived earlier.

User impact: If paths are misconfigured or the wrong source file is selected, the skill can reorganize local notes and assets.
Recommendation: Set OPENCLAW_VAULT and the COMPILE_* directories explicitly, check that the resolved source and destination paths both lie inside the vault before archiving, and keep backups for important vaults.
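A preflight check that would catch the misconfiguration this finding describes, written here as an added example in POSIX sh; it is not part of the skill. It takes the same three values the archive step works with (the vault root, SOURCE and RAW_TARGET), resolves each of them physically so a symlink cannot carry a note out of the vault, and refuses to continue when anything is unset, resolves outside the vault, or would overwrite an existing file. Running something like it before the mv is what "review the source and destination paths" amounts to in practice.

```shell
#!/bin/sh
# Added example, not the skill's code: preflight for the archive step.
# Every path is resolved with `cd -P`/`pwd -P` so a symlink cannot carry a
# note out of the vault, and the check refuses to run when a path is unset,
# outside the vault, or already occupied (mv would overwrite it silently).

# Physical directory of an existing directory path, or failure.
resolve_dir() {
    (cd -P -- "$1" 2>/dev/null && pwd -P)
}

# under_dir ROOT PATH: 0 when PATH is ROOT itself or lies beneath it.
# Both arguments must already be physical paths.
under_dir() {
    case "$2" in
        "$1"|"$1"/*) return 0 ;;
    esac
    return 1
}

# check_archive_paths VAULT SOURCE RAW_TARGET
# Same three values the archive step uses: OPENCLAW_VAULT, the note being
# archived, and its destination inside the raw-material directory.
check_archive_paths() {
    vault=$1; src=$2; dst=$3

    [ -n "$vault" ] && [ -d "$vault" ] ||
        { echo "refuse: OPENCLAW_VAULT is unset or not a directory" >&2; return 1; }
    [ -n "$src" ] && [ -n "$dst" ] ||
        { echo "refuse: SOURCE and RAW_TARGET must both be set" >&2; return 1; }
    [ -f "$src" ] ||
        { echo "refuse: source is not a regular file: $src" >&2; return 1; }
    [ ! -e "$dst" ] ||
        { echo "refuse: target exists and mv would overwrite it: $dst" >&2; return 1; }

    vault_real=$(resolve_dir "$vault") || return 1
    src_real=$(resolve_dir "$(dirname -- "$src")")/$(basename -- "$src")
    dst_dir=$(resolve_dir "$(dirname -- "$dst")") ||
        { echo "refuse: target directory does not exist: $(dirname -- "$dst")" >&2; return 1; }
    dst_real=$dst_dir/$(basename -- "$dst")

    under_dir "$vault_real" "$src_real" ||
        { echo "refuse: source resolves outside the vault: $src_real" >&2; return 1; }
    under_dir "$vault_real" "$dst_real" ||
        { echo "refuse: target resolves outside the vault: $dst_real" >&2; return 1; }

    echo "ok: $src_real -> $dst_real"
}

# Typical use just before the archive step's mv:
#   check_archive_paths "$OPENCLAW_VAULT" "$SOURCE" "$RAW_TARGET" && mv "$SOURCE" "$RAW_TARGET"
```

The check deliberately works on resolved paths rather than the strings in the environment: a COMPILE_* directory that is itself a symlink to somewhere outside the vault looks fine textually and is only caught once it is resolved.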
Unexpected Code Execution
Severity: Low | Confidence: High | Status: Note
scripts/compile_step_checkpoint.sh
bash -lc "$AUDIT_CMD"

The checkpoint script hands an audit command string to bash -lc. This is part of the declared micro-audit workflow, but it is unrestricted shell execution: the -l flag makes bash a login shell, so the user's profile scripts run first, and the string itself is parsed for command substitution, pipelines, redirections and chained commands, so the script cannot distinguish a validation check from any other command.

User impact: A careless or overly broad audit command could perform actions outside simple validation.
Recommendation: Use simple, reviewable audit commands such as file-existence or structure checks, and do not let untrusted text reach --audit-cmd.
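One way to keep the audit step confined to simple, reviewable checks, written here as an added example in POSIX sh rather than taken from the skill: instead of handing the string to bash -lc, the string is validated against a character allowlist and a short list of read-only commands, then split into words and executed directly inside the vault with no shell in between, so nothing in it can be expanded, substituted, redirected or chained. The command list (AUDIT_ALLOWLIST) is an assumption chosen for this example.

```shell
#!/bin/sh
# Added example, not the skill's code: a guarded stand-in for
#   bash -lc "$AUDIT_CMD"
# The string must consist only of plain words, its first word must be a
# read-only check, and it is then run directly (no shell), so ; | & $ ` < >
# and friends never reach an interpreter.

# Checks an audit step may start with (assumed list; all read-only).
AUDIT_ALLOWLIST="test grep head tail wc ls stat"

# validate_audit_cmd STRING: 0 if the string may be run, 1 with a reason otherwise.
validate_audit_cmd() {
    cmd=$1
    [ -n "$(printf '%s' "$cmd" | tr -d ' ')" ] ||
        { echo "audit: empty command" >&2; return 1; }
    # Character allowlist: letters, digits, space, and a few path/flag characters.
    # Everything the shell would interpret is therefore rejected up front.
    if printf '%s' "$cmd" | LC_ALL=C grep -q '[^A-Za-z0-9 ./_=:,+-]'; then
        echo "audit: disallowed character in command: $cmd" >&2; return 1
    fi
    nl=$(printf '\nx'); nl=${nl%x}
    case $cmd in
        *"$nl"*) echo "audit: command must be a single line" >&2; return 1 ;;
    esac
    # Split on whitespace with globbing disabled (set +f assumes it was on)
    # and inspect the first word.
    set -f; set -- $cmd; set +f
    case " $AUDIT_ALLOWLIST " in
        *" $1 "*) return 0 ;;
    esac
    echo "audit: '$1' is not an allowlisted check" >&2
    return 1
}

# run_audit VAULT STRING: validate, then execute the words inside VAULT.
# "$@" is run as-is: no shell parses it, so relative paths resolve under the
# vault and there is no expansion of any kind.
run_audit() {
    vault=$1; cmd=$2
    validate_audit_cmd "$cmd" || return 1
    set -f; set -- $cmd; set +f
    ( cd -- "$vault" && "$@" )
}

# Usage (the audit string would come from --audit-cmd):
#   run_audit "$OPENCLAW_VAULT" "test -f SKILL.md"
```

The allowlist is intentionally short: the point of a micro-audit is to confirm that a file exists or has the expected shape, and every command on the list can do that without writing anything.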
Agentic Supply Chain Vulnerabilities
Severity: Info | Confidence: High | Status: Note
README.md
To enable it, install QMD locally and set: ... "COMPILE_QMD_ENTRY": "/path/to/qmd"

The optional QMD recall integration executes whatever local executable the configured path points to. This is disclosed and optional, but the skill has no way to vouch for that external tool; its trustworthiness is outside the bundle.

User impact: If the QMD path points to an untrusted executable, that executable runs with the user's privileges during history queries.
Recommendation: Only configure COMPILE_QMD_ENTRY to a trusted local QMD installation, given as an absolute path, or leave it unset to skip history search.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
scripts/_shared/query_history.sh
out="$($QMD_ENTRY search "$query" -c "$collection" -n 8 --files 2>/dev/null)" ... doc="$($QMD_ENTRY get "$uri" -l 80 2>/dev/null)"

When QMD is enabled, the skill searches local history collections and retrieves document excerpts for the agent to use. Two details of the snippet are worth noting: both calls discard stderr (2>/dev/null), so a missing or failing QMD binary yields empty results rather than a visible error, and $QMD_ENTRY is expanded unquoted, so a path containing whitespace is split into separate words.

User impact: Relevant local notes or history snippets may be brought into the agent's working context during compilation, and whatever those snippets contain becomes part of what the agent reasons over.
Recommendation: Use QMD only with collections appropriate for this workflow, and avoid enabling it for vaults containing unrelated sensitive material.
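The two QMD findings (which executable the path points to, and what the collections feed back into the agent's context) can both be handled at the call site. The following is an added example in POSIX sh, not the skill's query_history.sh: verify_qmd_entry accepts only an absolute, user-owned, executable regular file and optionally pins its SHA-256, and query_history runs the same search invocation the skill uses (search QUERY -c COLLECTION -n 8 --files) only for collections on an explicit allowlist, leaves stderr visible instead of discarding it, and frames the result as untrusted retrieved data before it reaches the agent. QMD_ALLOWED_COLLECTIONS and the framing markers are assumptions for the example; the per-document get call the skill also makes would be wrapped the same way.

```shell
#!/bin/sh
# Added example, not the skill's code: gate the optional QMD integration.

# Collections this workflow may search (assumed names); anything else is refused.
QMD_ALLOWED_COLLECTIONS="compile-history vault-notes"

# SHA-256 of a file via whichever tool is present (GNU sha256sum or BSD shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | cut -d' ' -f1
    else
        echo "qmd: no SHA-256 tool available" >&2; return 1
    fi
}

# verify_qmd_entry PATH [SHA256]
# Refuses relative paths (which would go through PATH lookup), non-executables,
# files owned by someone else, and, when a digest is given, a binary that changed.
verify_qmd_entry() {
    entry=$1; pin=$2
    case $entry in
        /*) ;;
        *) echo "qmd: COMPILE_QMD_ENTRY must be an absolute path: '$entry'" >&2; return 1 ;;
    esac
    [ -f "$entry" ] && [ -x "$entry" ] ||
        { echo "qmd: not an executable regular file: $entry" >&2; return 1; }
    [ -O "$entry" ] ||
        { echo "qmd: not owned by the current user: $entry" >&2; return 1; }
    if [ -n "$pin" ]; then
        sum=$(sha256_of "$entry") || return 1
        [ "$sum" = "$pin" ] ||
            { echo "qmd: digest mismatch for $entry (got $sum)" >&2; return 1; }
    fi
}

# query_history QMD_ENTRY COLLECTION QUERY [SHA256]
# Same search invocation as the skill (search QUERY -c COLLECTION -n 8 --files),
# restricted to allowlisted collections, stderr left visible, and the output
# framed so the agent reads it as data rather than as instructions.
query_history() {
    entry=$1; collection=$2; query=$3; pin=$4
    verify_qmd_entry "$entry" "$pin" || return 1
    case " $QMD_ALLOWED_COLLECTIONS " in
        *" $collection "*) ;;
        *) echo "qmd: collection '$collection' is not enabled for this workflow" >&2; return 1 ;;
    esac
    out=$("$entry" search "$query" -c "$collection" -n 8 --files) || return 1
    printf 'BEGIN UNTRUSTED HISTORY EXCERPT (collection=%s)\n%s\nEND UNTRUSTED HISTORY EXCERPT\n' \
        "$collection" "$out"
}

# Usage, with the value the README has the user configure:
#   query_history "$COMPILE_QMD_ENTRY" compile-history "inbox triage"
```

Quoting "$entry" also fixes the word-splitting noted above, and leaving stderr attached means a broken QMD installation fails loudly instead of silently returning nothing.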