ClawHub
Back to skill
v1.0.7

BotLearn Healthcheck

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:09 AM.

Analysis

This health-check skill is purpose-aligned, but it asks the agent to autonomously run missing/unreviewed helper scripts and inspect broad OpenClaw configuration, identity, logs, and memory-related files.

GuidanceReview this skill carefully before installing. It appears intended to diagnose OpenClaw health, but you should only use it if you are comfortable with an agent autonomously inspecting local OpenClaw configuration, logs, identity metadata, scheduled tasks, and persistent workspace/memory files. Prefer a version that includes all referenced scripts/docs, lists exact read-only commands, and redacts sensitive data by default.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusConcern
SKILL.md
Collect all data autonomously. Never ask the human to execute commands. ... Summary — run all in parallel

The skill directs the agent to run broad local diagnostic collection without step-by-step human command review.

User impactWhen invoked, the agent may run multiple local checks and commands across the OpenClaw environment before the user sees exactly what was collected.
RecommendationRequire the skill to show a command/data-collection plan first, separate read-only checks from any changes, and ask for explicit approval before broad or sensitive collection.
Agentic Supply Chain Vulnerabilities
SeverityMediumConfidenceHighStatusConcern
SKILL.md
read setup.md ... Read data_collect.md ... scripts/collect-status.sh ... scripts/collect-security.sh

The skill depends on referenced setup documents and shell scripts, but the supplied manifest contains only SKILL.md and no code files.

User impactA user cannot review the helper scripts or referenced instructions that the skill tells the agent to rely on, and similarly named local files could affect what the agent does.
RecommendationBundle and review all referenced scripts/docs, pin their provenance, or rewrite SKILL.md so it only uses clearly listed, reviewable commands.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusConcern
SKILL.md
DATA.openclaw_json | direct read `$OPENCLAW_HOME/openclaw.json` ... DATA.identity | `ls -la $OPENCLAW_HOME/identity/` ... DATA.security ... Credential exposure, permissions, network

The skill reads local OpenClaw configuration and identity-related areas and performs credential-exposure checks, which are sensitive account/environment boundaries.

User impactThe agent may inspect local configuration, identity metadata, and credential-related findings that could reveal sensitive setup or account information.
RecommendationLimit credential/config access to the minimum needed, document exactly which files are read, redact secrets by default, and require user approval before including sensitive details in reports.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityMediumConfidenceMediumStatusConcern
SKILL.md
DATA.memory_stats | `find/du` on `$OPENCLAW_HOME/memory/` ... DATA.heartbeat | direct read `$OPENCLAW_HOME/workspace/HEARTBEAT.md` ... DATA.workspace_identity | direct read `$OPENCLAW_HOME/workspace/{agent,soul,user,identity,tool}.md`

The skill pulls from persistent memory/workspace areas and heartbeat content, which may contain private or instruction-like context that can influence later analysis.

User impactPrivate persistent agent state or stored instructions may be brought into the health-check context and summarized or trusted without clear boundaries.
RecommendationClearly bound persistent-file access, avoid reading full content unless necessary, redact private details, and treat workspace/memory text as untrusted diagnostic input.