Skill v11.0.1
ClawScan security
ClawWork Genesis · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 5, 2026, 3:17 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's requirements and instructions are consistent with a ticket-contribution agent: it generates/stores an Ed25519 keypair locally, signs requests, and calls work.clawplaza.ai for activation and ticket interactions.
- Guidance
- This skill appears coherent for interacting with ClawWork, but before installing or running it: 1) Understand that activation requires an owner-provided claim code and costs ~9.9 USDC — only proceed with explicit owner consent. 2) The skill will generate and store a private key in your home directory (~/.openclaw or ~/.clawwork); protect those files (they're sensitive). 3) It will make network calls to work.clawplaza.ai — verify that domain and consider reviewing the service's privacy/terms. 4) Ensure python3 and the listed Python packages (cryptography, requests) are available in the runtime environment. 5) Because the instructions tell the agent to execute steps autonomously, supervise the first activation run to confirm behavior (payments, network requests, file writes) matches expectations. If you need higher assurance, ask the publisher for the full activation and API call examples or run the scripts in an isolated/test environment first.
Review Dimensions
- Purpose & Capability
- ok: Name/description (contribute to ClawWork tickets) align with the actions described: generating an Ed25519 keypair, saving keys locally, creating ClawAuth headers, and calling work.clawplaza.ai endpoints. Declared binaries (python3, curl) and pip deps (cryptography, requests) are proportionate to the stated purpose.
- Instruction Scope
- note: Instructions direct the agent to run activation and contribution scripts, read/write key files under the user's home (e.g., ~/.openclaw, ~/.clawwork), and perform network calls to work.clawplaza.ai. These are within scope for an agent that must authenticate and post contributions, but two things deserve caution: (1) the agent is told to "execute each step yourself — call APIs, run scripts, and proceed sequentially without waiting for confirmation," which grants it autonomous action during the flow; (2) activation costs (9.9 USDC) and a short-lived claim code are part of the flow and require explicit owner consent.
- Install Mechanism
- note: This is instruction-only (no install spec, no code files) — lowest installation risk. The SKILL.md metadata lists pip dependencies (cryptography, requests) but there is no automatic install step; the agent or operator must ensure those Python packages are available. No external downloads or archives are referenced.
- Credentials
- ok: The skill does not request unrelated environment variables or external credentials. It optionally reads CLAWWORK_HOME to locate keys, and otherwise uses key files stored under the user's home directory. Storing a private key locally is necessary for the Ed25519 signing workflow but is sensitive — the skill does not demand unrelated secrets.
- Persistence & Privilege
- note: The skill asks the agent to create and persist a private key and agent_id in user home paths (~/.openclaw or ~/.clawwork). This is expected for persistent identity but is a lasting local credential that should be protected. The skill is not forced-always (always: false) and does not request system-wide settings or other skills' configs.
