Skill v1.2.0

ClawScan security

Subagent Tracker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 8, 2026, 2:22 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and instructions match its stated purpose (listing/tracking subagents by reading OpenClaw session and run files); it reads local OpenClaw workspace files but does not request credentials or make network calls.
Guidance
This skill appears to do what it says: it reads your OpenClaw workspace files (sessions.json, runs.json, and per-session transcript JSONL files) to list and tail subagent activity. Before installing, consider: 1) those local files may contain sensitive transcripts or run metadata—only install if you trust the skill and its source; 2) SKILL.md example paths reference /Users/ghost and recommend cloning a GitHub repo — if you follow those manual install steps, verify the repository you clone; 3) the package itself does not contact external services or ask for credentials. If you want extra assurance, inspect the included scripts (scripts/subagent_tracker.py and scripts/test-subagent-tracker.sh) yourself before enabling the skill.

Review Dimensions

Purpose & Capability
ok: Name/description claim to list active subagents, show status, and tail transcripts is consistent with the included Python script and examples. The script reads sessions.json, runs.json, and per-session JSONL transcripts under OPENCLAW_HOME (~/.openclaw by default), which is exactly what this feature needs.
Instruction Scope
note: SKILL.md instructs running the included Python script and the test shell script; examples reference absolute user paths (e.g. /Users/ghost/...) and recommend cloning from GitHub or using ClawHub. Those absolute example paths are harmless but environment-specific; otherwise the runtime instructions stay within the stated scope (they only read OpenClaw session/run/transcript files).
Install Mechanism
note: There is no install spec in the package (instruction-only install). SKILL.md suggests installing ClawHub or cloning a GitHub repo; the skill bundle already contains the scripts so no automatic remote download is required. The suggestion to clone from GitHub is informational — not enforced — but be aware that following that instruction would fetch code from an external repo.
Credentials
ok: The package declares no required environment variables or credentials. The code optionally honors OPENCLAW_HOME (reasonable) and otherwise reads files under the user's OpenClaw home (~/.openclaw). That file access is proportional to the skill's purpose (tracking subagents) but does mean the skill can read transcripts and run metadata stored locally.
Persistence & Privilege
ok: The skill does not request persistent/always-on privileges (always: false), does not modify other skills or global agent config, and contains no self-enabling logic. It runs only when invoked.