Skillv0.1.1

ClawScan security

Agent Communication Protocol · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 24, 2026, 12:30 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's instructions, files, and required tools are consistent with a channel/plugin installer for ACP; it asks the agent to read and write OpenClaw config and to clone/run a third‑party plugin repository—which is coherent with its purpose but carries the normal risks of installing third‑party code and modifying core configuration files.
Guidance: This skill is coherent with its stated purpose (installing/configuring an ACP channel), but it performs sensitive local changes and instructs cloning and running third‑party code. Before proceeding: 1) Review the upstream repository (https://github.com/coderXjeff/openclaw-acp-channel) and its install scripts/dependencies; prefer a pinned release or commit and check package.json for risky postinstall scripts. 2) Back up ~/.openclaw/openclaw.json and any workspaces (the SKILL.md also advises this). 3) Inspect files that will be written (agent.md, keys under ~/.acp-storage) and ensure private keys are created with appropriate file permissions. 4) If possible, test installation in an isolated environment or VM first. 5) Confirm you trust the external endpoints (GitHub/Gitee and rank.agentunion.cn) and be aware that npm install will fetch dependencies from the public registry. 6) If you have other agents configured, verify the planned changes to bindings so you don’t unintentionally rebind or disrupt them.

Review Dimensions

Purpose & Capability: okName/description (ACP channel plugin) match the skill's instructions and resources: the SKILL.md and resource docs describe installing/configuring an ACP channel, creating agent.md, managing identities, bindings, contacts, groups, and session parameters. Required binaries (node, npm, git, curl) are reasonable for cloning the plugin and running npm install. No unrelated credentials or unrelated binaries are requested.
Instruction Scope: noteInstructions explicitly tell the agent to read and write core OpenClaw files (~/.openclaw/openclaw.json, ~/.openclaw/identities/*.json), create/modify ~/.acp-storage files (including agent private/public files and agent.md), update bindings, enable plugins.entries.acp, and restart the gateway. All actions are coherent for installing/configuring a channel plugin, but they modify system-wide agent configuration and device identity files — so the agent will have the ability to change bindings that affect other agents. The doc does include safety steps (backup openclaw.json, validate config) which mitigates some risk.
Install Mechanism: noteThis is instruction-only (no packaged install spec). The install steps direct cloning https://github.com/coderXjeff/openclaw-acp-channel.git (with a Gitee fallback) and running npm install in the plugin directory. Cloning and running npm install is expected for a Node plugin but carries normal third‑party code risks (arbitrary code pulled from external repos, dependencies installed via npm). The SKILL.md does not pin specific release versions or checksums.
Credentials: okThe skill requests no environment variables or secret tokens. It requires filesystem access to OpenClaw config/workspace paths and to create secret material (seedPassword, keystore under ~/.acp-storage). These file operations are proportional to installing and operating a channel plugin. There are no unrelated credentials requested.
Persistence & Privilege: notealways:false and normal model invocation are appropriate. The skill's instructions do instruct modifying global OpenClaw configuration (plugins.entries, bindings, openclaw.json) and writing device identity files — actions that give the plugin ongoing presence and influence over agent routing. This is expected for a channel plugin, but it does mean the skill (or the plugin it installs) will persistently affect system behavior and should be reviewed before granting.