Skill v1.0.0
ClawScan security
Crayfish Plugin Assistant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 10, 2026, 5:36 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only plugin development assistant whose inputs, outputs, and requirements are consistent with its stated purpose and do not request extra credentials, installs, or elevated privileges.
- Guidance
- This skill appears coherent and safe as an authoring assistant, but treat its outputs (shell commands, install/publish steps, generated package.json or scripts) as untrusted until you inspect them. Before running commands it emits: (1) preview generated files and check for malicious scripts or unexpected dependencies; (2) run install/publish commands in a sandbox, container, or a git branch so you can roll back; (3) avoid blindly pasting commands that modify system files or use sudo; and (4) if you plan to publish packages, review the npm package metadata and scripts for postinstall or publish hooks. If you want higher assurance, ask the agent to explain each command it proposes and to provide a non-destructive dry-run sequence first.
- Findings
[no-findings] expected: Regex-based scanner found nothing — expected because this is an instruction-only skill with no code files to analyze.
Review Dimensions
- Purpose & Capability
- ok: The SKILL.md and metadata align with the advertised purpose: generating OpenClaw plugin/skill skeletons, installation and debugging commands. The skill declares no binaries, no env vars, and no install steps — all proportional to an authoring helper.
- Instruction Scope
- note: The instructions ask the agent to emit fully copy-pastable shell commands, package files, and publish/rollback steps. This is appropriate for a developer assistant, but those produced commands and generated files should be reviewed before execution because they may alter the system (install packages, write files, run scripts). The SKILL.md does not instruct the agent to read arbitrary local files or external credentials.
- Install Mechanism
- ok: No install specification and no code files are included; the skill is instruction-only so it will not write or execute code as part of installation.
- Credentials
- ok: The skill requests no environment variables or credentials. There is no indication it needs access to unrelated services or secrets.
- Persistence & Privilege
- ok: always is false and model invocation is allowed (the platform default). The skill does not request persistent presence or system configuration changes.
