Skill v2026.2.17

ClawScan security

Skillstore · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 17, 2026, 1:57 PM

Verdict: Benign
Confidence: high
Model: gpt-5-mini

Summary: The skill's code, docs, and requirements are coherent with a skill-search/install manager; nothing requests unrelated secrets or strange network endpoints, though there are a couple of minor doc/code mismatches to review before use.
Guidance: This skill appears to do what it says: search known and local skills and query GitHub. Before installing or running it, quickly review the remaining parts of main.js (the truncated portion) to confirm what the child_process.exec calls do when installing a repo (e.g., git clone, npm install, running remote scripts). Also note that the docs and code disagree about the local-skill path (~/.openclaw/workspace/skills/ vs __dirname/..); make sure the tool will search the directories you expect. If you plan to run installs, run them in a sandbox or inspect any cloned repositories before executing their code.

Review Dimensions

Purpose & Capability
ok: Name/description (search/install/create OpenClaw skills) matches the code: it searches a built-in DB, local skills, and GitHub. No unrelated credentials or binaries are requested. One minor mismatch: SKILL.md says local skills live under ~/.openclaw/workspace/skills/, but the code searches the parent directory of the skill (path.join(__dirname, '..')).
Instruction Scope
note: Runtime instructions and code remain scoped to searching known skills, local SKILL.md/README.md files, and GitHub repo metadata. The code reads local skill files and calls the GitHub search API; both are expected. The SKILL.md examples describe interactive install flows but do not document exact install commands; main.js includes child_process.exec (truncated in the listing), so you should inspect what the install/exec steps perform before executing.
Install Mechanism
ok: No install spec is provided (instruction-only install), and the repo includes the CLI source (main.js). There are no external download URLs or extract operations in the provided files. This is low-risk, but review any runtime exec invocations that may invoke git or external installers.
Credentials
ok: The skill declares no required environment variables or credentials. The code performs unauthenticated calls to the public GitHub search API and local filesystem reads; this aligns with the described functionality.
Persistence & Privilege
ok: always is set to false, and the skill writes/reads a local config.json in its own directory (CONFIG_FILE = __dirname/config.json). It does not request system-wide or other-skill configs. No elevated persistence privileges are requested.