Skill v3.2.0

ClawScan security

Claw Mentor Mentee · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 11, 2026, 1:25 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's declared purpose (mentorship and config updates) matches its behavior, but it reads/writes core agent files, stores your API key on disk, schedules recurring network checks, and makes unverifiable privacy claims — these are reasonable for the feature set but warrant caution before installing.
Guidance
This skill appears to do what it says, but it will read and modify important agent files, persist your API key in your OpenClaw config, and schedule periodic checks against app.clawmentor.ai. Before installing:
1) Confirm the exact set of local files the skill will read and what parts (snippets/full files) might ever be transmitted; ask the vendor to document the data sent with bootstrap/reports and to provide a transcript of network calls.
2) Consider using a scoped API key you can revoke, and place it in a secure store if possible instead of plaintext config.
3) Make a trusted local backup of ~/.openclaw and your workspace (SOUL.md, IDENTITY.md, HEARTBEAT.md, etc.) so you can audit and roll back changes.
4) If you require strict privacy, ask for an explicit guarantee and an audit/log of outgoing requests; without code to inspect, the privacy assurances in SKILL.md are not independently verifiable.
5) Prefer manual review/approval of each proposed change rather than full-automatic apply.

Review Dimensions

Purpose & Capability
note: The primary credential (CLAW_MENTOR_API_KEY) and described network endpoints (app.clawmentor.ai) align with a mentorship/update service. However, the SKILL.md instructs the agent to read/modify many core workspace files (HEARTBEAT.md, SOUL.md, IDENTITY.md, mentor-guidance.md, etc.) and to perform local compatibility analysis; those accesses are consistent with the stated purpose but are higher-sensitivity than a simple notifier.
Instruction Scope
concern: The runtime instructions explicitly tell the agent to read and modify core agent/workspace files, write the API key into OpenClaw's config, take local snapshots, and append heartbeat entries so checks run periodically. The doc also asserts that config files 'NEVER' leave your machine — that claim cannot be verified from an instruction-only skill and depends on the agent's implementation. Because the skill will examine and propose changes to identity/behavior files, review what exactly will be read, proposed, and transmitted before approving changes.
Install Mechanism
ok: This is an instruction-only skill with no install spec or downloaded artifacts, which is low-risk from a code-install perspective.
Credentials
note: Only one primary credential (CLAW_MENTOR_API_KEY) is requested, which fits the service. The instructions recommend storing that key in OpenClaw's config (openclaw config set or editing ~/.openclaw/openclaw.json), meaning a persistent secret will be written to disk; users should consider where and how the API key is stored and rotated.
Persistence & Privilege
note: always:false (normal), but the skill instructs adding a heartbeat line to schedule periodic checks. That gives the skill ongoing network activity and recurring prompts to the user; this is understandable for its function but increases exposure (regular calls to the remote service).