Skill v0.1.0
ClawScan security
Civic · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 6, 2026, 10:34 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and required environment variables are coherent with its stated purpose of bridging to a Civic MCP instance; nothing in the bundle appears to be trying to do unrelated or hidden actions.
- Guidance: This skill appears to do what it says: it connects an agent to a Civic MCP instance and either uses mcporter or runs the provided TypeScript runner. Before installing or enabling: 1) Only provide a Civic token with least privilege necessary (avoid admin/global tokens). 2) Be aware the SKILL.md suggests storing the token in ~/.openclaw/openclaw.json (plaintext on disk) — rotate and revoke tokens if you stop using the skill. 3) The token grants access to many downstream services (Gmail, databases, Box); check Civic scopes and trust the Civic account you connect. 4) If you plan to run the TypeScript runner, inspect the included civic-tool-runner.ts (present in the package) and prefer to run it in a controlled environment; installing global tools like mcporter or npm packages can execute code from npm—only install from trusted sources. 5) If you need higher assurance, request the skill publisher/source or verify release provenance (official Civic docs/domains) before use.
Review Dimensions
- Purpose & Capability [ok]: Name/description claim a Civic MCP bridge and the skill requires a CIVIC_URL and CIVIC_TOKEN plus either mcporter or npx to run the included TypeScript runner—these requirements match the described functionality and are proportionate.
- Instruction Scope [note]: SKILL.md instructs the agent (and the user) to run mcporter or npx tsx to call Civic tools and to store CIVIC_URL/CIVIC_TOKEN in ~/.openclaw/openclaw.json. That is expected for this bridge, but it means the token will be persisted on disk in the OpenClaw config if the user follows the instructions; users should be aware of that persistence.
- Install Mechanism [ok]: No install spec in the registry (instruction-only), but the package includes a script and package.json/pnpm-lock.yaml. There is no opaque remote download URL; dependencies come from the npm ecosystem and a lockfile is present, which reduces uncertainty. Running the script uses npx/tsx and will rely on npm-installed dependencies at runtime—normal for this kind of tool.
- Credentials [ok]: Only CIVIC_URL and CIVIC_TOKEN are required and CIVIC_TOKEN is declared as the primary credential—this is appropriate. Note: the token grants access to all Civic-connected integrations (Gmail, databases, Box, etc.), so its scope and privileges matter a lot even though only a single credential is requested.
- Persistence & Privilege [ok]: Skill is not always-on and does not request elevated platform privileges. The SKILL.md asks the user to add credentials to ~/.openclaw/openclaw.json (user action), but the skill does not autonomously modify other skills or system-wide settings.
