Skill v1.0.1

ClawScan security

Scribe · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 3, 2026, 5:16 PM
Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, instructions, and requested access are consistent with its stated purpose (scanning local OpenClaw session logs, calling an LLM to extract signals, and writing daily memory files); no signs of misdirection or unrelated credential requests were found.
Guidance
What to check before installing:
- Review the two included Python scripts (scripts/scribe.py and scripts/setup-cron.py) yourself — they are the code that will run.
- If you enable automation, setup-cron will use your OpenClaw gateway token to register a nightly job that runs the scribe script; only run setup-cron if you trust the repository and the gateway token's scope.
- The scribe script sends extracted conversation text to https://openrouter.ai (OpenRouter) using an API key read from env or ~/.openclaw/openclaw.json. If you have privacy concerns, run scribe.py manually first and/or set SCRIBE_MODEL/OPENROUTER_API_KEY to a provider you trust or leave it unset to avoid network calls.
- Run the script manually (python3 scripts/scribe.py) on a small sample day to verify outputs and ensure it only reads the intended session directory and writes to a dedicated memory folder.
- If you do not want automatic scheduling, skip setup-cron and instead use a system cron or manual runs that you control.
- Back up or inspect memory/ and MEMORY.md after first runs to confirm no sensitive tokens or unexpected content are being written.

Review Dimensions

Purpose & Capability
ok: Name/description match what the files do: scripts scan ~/.openclaw/agents/main/sessions, filter user messages, call an LLM (OpenRouter) and write structured memory files to the workspace. The optional env vars and gateway interactions are coherent with the advertised cron registration and LLM usage.
Instruction Scope
ok: SKILL.md and README instruct only to copy the skill, run setup-cron (optional) or run scribe.py manually. Runtime instructions reference session JSONL files, the OpenClaw config for API keys, and writing memory files — all within the stated scope. There are no instructions to read unrelated system paths or exfiltrate data to unexpected endpoints.
Install Mechanism
ok: No install spec or external downloads; the skill is instruction-only with included Python scripts. No archives or remote code pulls—low install risk.
Credentials
note: The scripts read an OpenRouter API key and (for cron setup) an OpenClaw gateway token from ~/.openclaw/openclaw.json or environment variables. These credentials are appropriate for the tasks (calling OpenRouter and registering a cron job) but are sensitive: the skill will send conversation text to openrouter.ai and will use the gateway token to register jobs. The number and type of credentials requested are proportional, but users should be aware these are required for full automation.
Persistence & Privilege
note: The skill is not 'always' enabled. The optional setup-cron registers a nightly job via the OpenClaw gateway API which grants automated periodic runs—this matches the skill's purpose. Granting the gateway token to this script enables it to create/modify cron jobs; ensure you trust the code before running setup-cron.