v1.0.0

Srs

Review
ClawScan verdict for this skill. Analyzed May 1, 2026, 7:21 AM.

Analysis

This skill appears to be a security-research automation tool, but it also scans broad local workspace files, stores self-improvement state, and can execute undeclared helper scripts, so it should be reviewed before installation.

Guidance: Before installing, confirm which directories SRS may scan, where it stores role and capability data, and whether self-improvement or parallel execution features will be used. Run it only in a constrained workspace, review any tasks/ helper scripts first, and avoid using sensitive task IDs or folders until path validation and scan limits are added.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
parallel_executor.py
"script": "tasks/run_T1_architecture.py" ... process = subprocess.Popen(["python3", task["script"]], stdout=subprocess.PIPE, stderr=subprocess.PIPE)

The executor runs Python helper scripts from a tasks/ directory, but those scripts are not included in the supplied manifest or documented in SKILL.md, so their provenance and behavior cannot be reviewed from the artifact set.

User impact: If this executor is invoked, it may run local scripts that the installing user has not reviewed as part of this skill package.
Recommendation: Include all referenced task scripts in the package, document when they run, pin or verify their paths, and require user confirmation before launching external helper code.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Concern
coordination.py
task_id = sys.argv[2] ... handoff_file = self.handoff_dir / f"{task_id}.json" ... with open(handoff_file, 'w', encoding='utf-8') as f:

A command-line task_id is used directly as part of a write path without normalization or path-segment validation.

User impact: A malformed task ID containing path traversal sequences could create or overwrite JSON files outside the intended coordination/handoffs directory.
Recommendation: Sanitize task IDs to a safe slug, reject path separators and '..', resolve the final path, and ensure it remains inside the intended base directory before writing.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Concern
self_governor.py
self.base_dir = os.path.expanduser("~/.openclaw/workspace/srs") ... project_dirs = [os.path.expanduser("~/ai-security/research"), os.path.expanduser("~/.openclaw/workspace/skills"), os.path.expanduser("~/.openclaw/workspace")] ... for root, dirs, files in os.walk(pdir): ... content = fp.read().lower()

The module recursively reads local research and OpenClaw workspace files and stores capability data under ~/.openclaw/workspace/srs; SKILL.md does not clearly bound what is scanned, retained, or reused.

User impact: Local workspace documents and configuration-like files may influence persistent SRS roles or future task decisions, and private file paths or derived keywords may be stored.
Recommendation: Make scanning opt-in, restrict it to explicit user-approved folders, exclude sensitive config and credential-like files, label scanned content as untrusted, and provide a clear way to inspect and delete stored capability state.