Skill v1.0.2
ClawScan security
Openclaw Triage · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 12, 2026, 10:27 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and instructions are coherent with an on‑workspace incident response tool: it scans and collects local workspace files, cross‑references OpenClaw security artifacts, and writes evidence into a .triage directory — nothing obviously mismatched or requesting unrelated credentials.
- Guidance: This appears to be a coherent local triage tool, but review and treat it carefully before use:
  1. Inspect the full scripts/triage.py for any network or subprocess commands that could transmit data; although the SKILL.md says 'no network calls', the code imports subprocess — verify there are none.
  2. Run it against a copy of the workspace (or point --workspace to a snapshot) first to avoid accidental changes.
  3. Expect it to collect and store potentially sensitive files (hashes, configs, credentials it finds) under .triage/evidence — protect that output.
  4. Always run the evidence/collection command before any remediation/quarantine actions, and keep backups.
  5. If you need higher assurance, run the script in an isolated environment (air‑gapped or with network blocked) and consider a quick code audit focusing on any subprocess calls, file writes, and any uses of network/socket libraries.
Review Dimensions
- Purpose & Capability (ok): Name/description describe workspace triage and the skill only requires python3 and local filesystem access. Declared cross‑references (.integrity, .ledger, .signet, .sentinel) match the checks implemented in the script.
- Instruction Scope (note): Instructions and the script read the entire workspace, build timelines, compute hashes, and copy security tool data into .triage/evidence. This is expected for forensics, but it will access and collect potentially sensitive files (credentials, skill code, configs). The SKILL.md claims 'no network calls' and the visible code appears local‑only, but the script imports subprocess and other modules — review the remainder of the file for any network invocations before running in production.
- Install Mechanism (ok): No install spec; the skill is instruction/code only and requires only python3 on PATH. Nothing is downloaded or written to system locations outside the workspace when run.
- Credentials (ok): The skill requests no environment variables, no external credentials, and only accesses workspace files and known OpenClaw tool paths. The lack of declared secrets is proportionate to the stated purpose.
- Persistence & Privilege (note): The tool writes state/evidence and may create quarantine/backups under .triage within the workspace (normal for a triage tool). always:false (not force‑installed). If you run remediation/quarantine actions those will modify workspace files — follow the guidance to take evidence first.
