Skillv1.0.0

ClawScan security

Openclaw Ref · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 4, 2026, 5:13 PM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only reference manual for OpenClaw; it contains docs and read-only guidance and does not request credentials, install code, or perform unexpected actions.
Guidance: This skill is a local reference manual and is internally consistent with its stated purpose. It does not ask for secrets or install code. Before enabling an agent to autonomously use it, consider: (1) the skill's runtime advice includes using a 'read' operation to open files under ~/.openclaw and workspace files — ensure those locations don't contain sensitive API keys or secrets you don't want the agent to read; (2) review the 'System prompts' and any injected docs for explicit 'ignore previous instructions' or other prompt-injection strings if you plan to grant the skill autonomous invocation; (3) because the skill can guide configuration edits, keep backups (as the docs recommend) before applying changes. If you are comfortable with an agent reading OpenClaw config files, this skill is appropriate to install.
Findings: [system-prompt-override] expected: The scanner flagged 'system-prompt-override' patterns; the docs contain a section describing 'system prompts' and how OpenClaw assembles them, which can trigger pattern detectors. I did not find explicit instruction text attempting to override the assistant (e.g., 'ignore previous instructions' or a new authoritative assistant persona). This appears to be documentation rather than an active prompt-injection attempt, but you may want to review the 'System prompts' section manually if concerned.

Review Dimensions

Purpose & Capability: okName/description match the contents: the skill is a documentation/reference manual and all referenced files, paths, and CLI commands are directly related to OpenClaw configuration, CLI, troubleshooting and model management. No unrelated binaries, env vars, or permissions are requested.
Instruction Scope: okSKILL.md tells the agent to locate and read the included documentation files and to consult config-fields.md before changing openclaw.json. It references only OpenClaw-related config paths (e.g. ~/.openclaw/...) and CLI commands. This is within the expected scope for a reference skill. Note: it does instruct use of a 'read' operation to fetch document contents — that is expected for a docs skill but means an agent/tool that runs this skill may read local OpenClaw files.
Install Mechanism: okNo install spec or code files are present; the skill is instruction-only so nothing is written to disk or downloaded during install.
Credentials: okThe skill declares no required environment variables, credentials, or config paths beyond referring to typical OpenClaw locations in documentation. There are no disproportionate or unrelated secret requests.
Persistence & Privilege: okalways is false and the skill does not request any elevated/always-on privileges or attempt to modify other skills or global agent config. Autonomous invocation remains allowed by platform default (not a red flag here).