Skill v1.0.0

ClawScan security

Task Progress Report · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 13, 2026, 11:46 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files and runtime instructions match its stated purpose (periodic task-progress reporting), request no credentials or network access, and perform only local report file writes and prints.
Guidance
This skill appears coherent and limited to local reporting, but check the following before installing: 1) ensure Python 3 is available (the script is invoked via python); 2) note it will create and append files under /root/.openclaw/workspace/reports/progress — if you run in a non-root or multi-tenant environment, consider changing the report path or file permissions; 3) the script writes command-line argument values verbatim into reports, so avoid passing secrets or sensitive data as report fields; 4) set up a log retention/rotation policy to avoid unbounded disk growth; and 5) confirm any scheduler/cron you use for periodic reports runs with the intended identity and permissions.

Review Dimensions

Purpose & Capability
ok: Name/description, SKILL.md instructions, and the included Python script are consistent: they implement periodic progress messages and append a detailed Markdown report to /root/.openclaw/workspace/reports/progress/task_progress_report.md. No unrelated services, credentials, or unusual binaries are requested.
Instruction Scope
ok: Instructions only direct creating the report directory, setting up a timer/cron, invoking the script to append reports, and generating a final summary. The script reads command-line args and writes/prints reports; it does not access other system files, environment variables, or external endpoints.
Install Mechanism
note: There is no install spec (instruction-only plus a local script), so nothing is downloaded or installed. Note: the SKILL.md and script assume a Python 3 runtime (calls like `python generate_report.py`) but the registry metadata didn't declare required binaries; ensure Python 3 is available in the agent environment.
Credentials
ok: The skill declares and requires no environment variables, secrets, or credentials. The script uses only command-line arguments and local filesystem writes; this is proportionate to the stated reporting purpose.
Persistence & Privilege
ok: always:false and normal autonomous invocation are used. The skill writes files only into its own workspace path under /root/.openclaw/workspace/reports/progress and does not modify other skills or global agent configuration.