Skill v0.1.0

ClawScan security

OpenClaw Security Audit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 10, 2026, 8:58 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code and instructions match its stated purpose (local OpenClaw configuration checks and invoking the OpenClaw CLI); it reads the user's OpenClaw config and runs the official CLI audit but does not ask for credentials or contact external endpoints itself.
Guidance
This skill appears to do what it claims: read your OpenClaw config (~/.openclaw/openclaw.json), report insecure settings, and invoke the local 'openclaw security audit --deep'. Before installing/running: (1) verify you trust the skill source (no homepage and unknown owner in metadata); (2) note the metadata did not declare the required 'openclaw' binary—ensure that CLI is the official one you trust; (3) back up your config file as advised; (4) understand that while this script does not exfiltrate data itself, the OpenClaw CLI it calls could perform network actions depending on its implementation, so review/confirm the CLI behavior if network confidentiality is a concern. If you cannot verify the author, review the included script contents (they are short and readable) before running.

Review Dimensions

Purpose & Capability
note · Overall coherent: the name/description, SKILL.md and script all focus on auditing OpenClaw configuration. Minor inconsistency: the registry metadata declares no required binaries, but both SKILL.md and the script explicitly require the local 'openclaw' CLI to be installed and executable.
Instruction Scope
ok · Runtime instructions and the script only read the user's OpenClaw config at ~/.openclaw/openclaw.json, perform local checks, print a report, and run 'openclaw security audit --deep'. There is no code that reads unrelated system paths or environment variables, nor does the script itself transmit data to external endpoints.
Install Mechanism
ok · No install spec — instruction-only plus a local script. Nothing is downloaded or written during install; the single included script is executed by the user/agent.
Credentials
ok · No environment variables, secrets, or external credentials are requested. The script reads only the gateway config file (appropriate for an audit tool) and masks tokens in reports; this access is proportionate to the stated purpose.
Persistence & Privilege
ok · Does not request persistent/always-on privileges and does not modify other skills or system-wide agent settings. It only runs on user invocation (or autonomous invocation if allowed by the platform) and performs read-only checks plus invoking the local OpenClaw CLI.