Skill v1.0.0

ClawScan security

Launchagent Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 28, 2026, 1:09 PM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill does what it says: it inspects ~/Library/LaunchAgents and openclaw.json and can load/unload OpenClaw-related LaunchAgents; its code and instructions are coherent with that purpose.
Guidance
This skill appears coherent with its description, but it can stop and delete your user LaunchAgents. Before using destructive flags:
1) run with --prune --dry-run to see what would be unloaded/deleted;
2) verify OPENCLAW_HOME points where you expect (defaults to ~/.openclaw) so backups go to the right place;
3) ensure openclaw.json is valid and reviewed (it may contain tokens) and that gateway-guard is the intended local script if the tool invokes it;
4) review the list output before running --prune --apply or --prune --apply --delete-plists.
If you are unsure, avoid --apply/--delete-plists or keep a manual backup of ~/Library/LaunchAgents first.

Review Dimensions

Purpose & Capability
ok: Name/description match the implementation: the script scans ~/Library/LaunchAgents, parses plists, reads openclaw.json and can load/unload plists and invoke a local gateway-guard script. It does not request unrelated credentials, binaries, or system-wide config.
Instruction Scope
note: SKILL.md and the script legitimately read openclaw.json (including token presence) and local plist files and call launchctl and an optional local gateway-guard script. This is expected for its purpose, but the tool can be destructive (--prune --apply --delete-plists) and will read token-related fields from openclaw.json; run with --dry-run first and review backups before deletion.
Install Mechanism
ok: No install spec; the skill is instruction/script-only. No remote downloads or archive extraction are present, lowering install risk.
Credentials
ok: The skill requires no credentials or declared env vars. It optionally respects OPENCLAW_HOME (default ~/.openclaw) for config and backups, which is proportional to its function. It does not attempt to exfiltrate data or call external endpoints.
Persistence & Privilege
ok: always:false and user-invocable. The script operates in the user LaunchAgents domain only and writes backups under OPENCLAW_HOME; it does not modify other skills or request permanent elevated presence.