v1.0.2

Model Alias Append

Benign
ClawScan verdict for this skill. Analyzed May 1, 2026, 5:14 AM.

Analysis

The skill appears to do its stated model-labeling job, but it works by using a response hook that reads OpenClaw configuration and changes outgoing replies.

Guidance: This skill is coherent with its stated purpose and does not show exfiltration or destructive behavior. Before installing, be comfortable with a hook that can modify every outgoing response, periodically read OpenClaw configuration, and manage its own hook setting in the local config.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low; Confidence: High; Status: Note
hooks/response-alias-injector/handler.js
type: response:pre-send behavior in code: response.content = `${processedResponse}\n\n**${modelAlias}**`;

The hook modifies response content immediately before sending. This matches the stated purpose, but users should understand that it affects outgoing replies broadly.

User impact: Every response may be altered by adding a model alias or update notice.
Recommendation: Install only if you want this global response-labeling behavior, and confirm the hook can be disabled if needed.

Unexpected Code Execution
Severity: Low; Confidence: High; Status: Note
main.js
const result = spawnSync('node', [`${__dirname}/scripts/manage-hook.js`, 'enable'], {

The skill can execute a bundled local Node script to manage its hook. The command and argument are hardcoded and purpose-aligned, but it is still local process execution.

User impact: If the hook-management method is invoked, it can run a local script that changes the skill's hook status.
Recommendation: Review hook-management behavior before invoking enable or disable actions, especially in shared or managed OpenClaw environments.

Rogue Agents
Severity: Low; Confidence: High; Status: Note
hooks/response-alias-injector/handler.js
setInterval(() => { this.checkAndReloadConfigIfNeeded(); }, 30000);

The hook periodically checks configuration changes in the background while loaded. This is disclosed as configuration monitoring and is limited to checking the local config.

User impact: The skill continues monitoring the OpenClaw configuration during its active runtime.
Recommendation: Use it only if ongoing configuration-change monitoring is acceptable.

Agentic Supply Chain Vulnerabilities
Severity: Info; Confidence: Medium; Status: Note
metadata
Source: unknown; Homepage: none

Registry provenance metadata is sparse even though package.json contains repository information. This is not evidence of malicious behavior, but it reduces install-time provenance clarity.

User impact: Users have less registry-level source information for verifying who published or maintains the skill.
Recommendation: Verify the package repository and publisher identity before installing, especially in production or shared environments.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low; Confidence: High; Status: Note
hooks/response-alias-injector/handler.js
this.modelAliases[modelConfig.alias] = fullModelId; ... response.content = `${processedResponse}\n\n**${modelAlias}**`;

Alias text from persistent OpenClaw configuration is reused directly in outgoing responses. This is expected, but aliases are not visibly validated or escaped.

User impact: A malformed or intentionally misleading alias in the configuration could be appended to responses.
Recommendation: Keep model aliases short and plain-text, and avoid putting instructions, links, secrets, or formatting-heavy content in alias values.