Back to skill
Skillv1.0.0
ClawScan security
OpenClaw Skill Builder (Based on Claude) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 10, 2026, 1:36 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- An instruction-only meta-skill for authoring and auditing OpenClaw skills; its files and requirements are consistent with the stated purpose and it requests no external credentials or installs.
- Guidance
- This skill is an instruction-only template for creating and auditing other skills and does not request credentials or install code — that makes it low-risk as published. However, because it guides generation of new SKILL.md files and project scaffolding, exercise normal operational caution: review any files it creates (especially scripts under scripts/ or tests/), restrict the agent's ability to autonomously install or execute generated code, and verify that any new skills created from its guidance do not request unnecessary credentials or system access before enabling them.
Review Dimensions
- Purpose & Capability
- okName and description match the SKILL.md content: a meta-skill that guides creating/updating/auditing skills. It requests no binaries, env vars, or install steps that would be unrelated to this authoring/auditing purpose.
- Instruction Scope
- noteSKILL.md contains workflow, templates, and checks for building skills. It gives the agent broad guidance to author SKILL.md files, folder layouts, and tests — which is expected for a skill-builder. This guidance is high-level and does not itself instruct the agent to read arbitrary system files, exfiltrate data, or call external endpoints.
- Install Mechanism
- okNo install specification and no code files (instruction-only). That minimizes on-disk execution risk and is proportionate for a documentation/meta skill.
- Credentials
- okRequires no environment variables, credentials, or config paths. Nothing requests unrelated secrets or host configuration.
- Persistence & Privilege
- okalways is false and autonomous invocation is the platform default. The skill does not request permanent presence or modifications to other skills' configs.