Skill v1.0.0

ClawScan security

MaxClaw User Guide · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 26, 2026, 4:06 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This is an instruction-only user guide/FAQ (no code, no installs, no secrets requested) and its requirements match its stated purpose.
Guidance
This is a documentation-only skill and appears internally consistent. Before relying on it: (1) remember the skill source/homepage is unknown—cross-check key operational and billing claims against official MaxClaw/OpenClaw docs; (2) never paste tokens or secrets into a chat with an untrusted agent/UI—only enter Bot Tokens via the official platform Channel Setup UI; and (3) treat procedural instructions (e.g., billing, restart, auto-fix) as guidance only and contact official support for account-sensitive actions.

Review Dimensions

Purpose & Capability
ok: The skill is documented as a user guide/FAQ and the SKILL.md contains only documentation about the MaxClaw platform. It does not request unrelated credentials, binaries, or install behavior that would be inconsistent with being a guide.
Instruction Scope
ok: The runtime instructions are purely informational (how to start, Telegram BotFather steps, FAQs, troubleshooting). There are no directives telling the agent to read local files, access environment variables, or exfiltrate data.
Install Mechanism
ok: No install spec and no code files are present (instruction-only), so nothing is written to disk or executed during install.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. Although the guide describes how users can obtain a Telegram bot token, it does not request or store any secrets itself.
Persistence & Privilege
ok: Flags are default (always: false, user-invocable: true, disable-model-invocation: false). The skill does not request elevated persistence or modify other skills or system settings.