Skill v0.1.0

ClawScan security

Project Manager Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 28, 2026, 1:12 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, runtime instructions, and file access match its stated purpose (monitor local session files and request steering via sessions_send); nothing requested or installed is disproportionate.
Guidance
This skill appears to do what it says: it reads the local OpenClaw sessions.json (default ~/.openclaw/...) to detect stalled sub-agents, prints a summary/JSON, and asks the agent to call sessions_send to steer them. Before installing, confirm you are comfortable with the skill reading session files (which may contain transcripts or sensitive state) and writing a steer_state file under OPENCLAW_HOME/logs. If you plan to run it as a cron job, ensure the cadence and max_steer_per_run are appropriate so it doesn't spam sub-agents. Also verify that the agent invoking this skill has only the sessions_list/sessions_send privileges you intend. If you want to audit behavior, run the script locally once in an isolated environment with --json and inspect the output to confirm it behaves as expected.

Review Dimensions

Purpose & Capability
ok: Name/description (monitor sub-agents, detect stalls, steer via sessions_send) aligns with the included script and config. The script reads a local sessions.json under OPENCLAW_HOME and outputs stalled session keys for the agent to call sessions_send; this is coherent with the declared purpose.
Instruction Scope
note: SKILL.md instructs the agent to run the provided script and parse its JSON output, then call sessions_send for up to N keys. The script reads local session state (~/.openclaw by default) and writes a local steer_state log. Reading sessions.json is required for the stated functionality but may expose session/transcript data to whoever runs the skill; this is expected but worth noting.
Install Mechanism
ok: No install spec (instruction-only skill with a shipped script). Nothing is downloaded or installed from external URLs.
Credentials
ok: No credentials or special env vars are required. The script respects OPENCLAW_HOME (optional) and reads/writes only under that directory, which is proportional to its purpose.
Persistence & Privilege
ok: always is false; the skill is user-invocable and may be run on a cron. It writes its own steer_state file under OPENCLAW_HOME/logs and does not modify other skills or system-wide agent settings.