Skill v1.0.0

ClawScan security

Code Optimizer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 23, 2026, 12:25 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (ML-based code evaluation and Hermes integration) matches its behavior, but the deploy script makes surprising local-file assumptions and modifies user/Hermes state (enabling auto-evaluation, creating symlinks, installing packages) while not bundling the optimizer code — these inconsistencies warrant caution.
Guidance
Do not run deploy.sh or perform the advertised 'clawhub install' until you inspect the deploy.sh and the missing evaluator code. Specific checks:
1) The script expects optimizer source at /Users/apple/.openclaw/workspace/claude_optimization — verify those files exist and inspect their contents (auto_evaluator.py, evaluator/, model json).
2) Review and back up your Hermes config (~/.openclaw/workspace/hermes/config/hermes.yaml) before deployment; the script will enable auto_evaluate and feedback_loop.
3) Check the CLI being created (HERMES_DIR/bin/code-eval) to confirm it only runs local code and does not transmit data externally.
4) Consider running the deployment in a sandbox or test account first; if you proceed, remove or change the automatic config changes (set auto_evaluate:false) if you do not want evaluations run automatically.
5) If the skill was advertised as a self-contained ClawHub install, ask the publisher why core evaluator code and model files are not bundled and why a hardcoded user path is used.
These inconsistencies elevate risk even though no network exfiltration or credential requests are present.

Review Dimensions

Purpose & Capability
note
The skill claims an ML-based code-evaluator and Hermes integration; the deploy.sh script and SKILL.md behaviors (creating a CLI, writing models into Hermes optimizer dir, updating Hermes config) are consistent with that purpose. However, the package does not include the actual evaluator modules or model files — the deploy script expects them at a hardcoded external path (OPTIMIZER_SRC set to /Users/apple/.openclaw/workspace/claude_optimization). That mismatch (claiming a functioning optimizer while not bundling its code/models) is unexpected.
Instruction Scope
concern
The runtime instructions (deploy.sh) perform several system actions beyond a simple install: they install Python packages if missing, copy directories and model/json files from a hardcoded absolute path, create directories under the user's OpenClaw/Hermes workspace, write a CLI script into Hermes/bin, and update Hermes' config file to enable auto_evaluate and feedback_loop. The script will read from arbitrary file paths supplied or implied (e.g., copying from OPTIMIZER_SRC) and writes into $HOME and Hermes config — actions that are broader than the SKILL.md's high-level install steps and could have unexpected side effects for users who do not have the expected source tree.
Install Mechanism
concern
There is no formal install spec — this is instruction-only — but the included deploy.sh installs Python packages (pip3 install ...), creates symlinks in $HOME/bin, and extracts/copies files from an external, hardcoded path. The use of a user-specific absolute path (/Users/apple/...) and reliance on external local files (not downloaded from a vetted release host or bundled) is risky and incoherent with a package that advertises simple 'clawhub install' capability.
Credentials
note
The skill does not request environment variables or credentials, which is appropriate. However, it modifies Hermes configuration (setting code_optimizer.enabled/auto_evaluate/feedback_loop to true) automatically during deployment. Changing an integration's auto-run behavior without explicit, documented user consent is a disproportionate level of persistence/control relative to a code-evaluator utility.
Persistence & Privilege
concern
The deploy script makes persistent changes: it installs a CLI into Hermes/bin and $HOME/bin, copies model and evaluator files into Hermes directories, and updates Hermes config to enable automatic evaluation/feedback. While not marked always:true, these actions grant the skill ongoing presence and can change runtime behavior (auto-evaluate code tasks). That automatic enabling of auto-evaluate is a notable privilege and should be opt-in rather than automatic.