Skill v1.0.0

ClawScan security

Agent Safety · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 16, 2026, 12:00 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files and runtime instructions implement a local pre-publish scanner, a git pre-commit hook, and health checks that match the stated purpose; they do not request disproportionate credentials or perform covert network exfiltration.
Guidance
This skill appears to do what it says. Inspect the included scripts before use, and be aware that install-hook.sh will create or overwrite the .git/hooks/pre-commit file in any repo you point it at, so back up any existing hook first. The hook is repo-local, but it will block commits until the scan passes or you bypass it with git commit --no-verify. The scanner prints filenames and match categories but does not exfiltrate file contents. Note that health-check uses macOS-specific tools (softwareupdate, csrutil, firewall utility) and runs npm/openclaw queries that may contact the network for version checks. Review the regex rules in pre-publish-scan.sh to confirm they match your expectations (they may produce false positives or false negatives), and test the hook on a safe repo before installing it broadly. If you previously committed secrets, follow the skill's guidance to rotate them: the scanner cannot undo prior exposure.

Review Dimensions

Purpose & Capability
ok
Name/description claim outbound scanning and git-level enforcement; the included scripts (pre-publish-scan.sh, install-hook.sh, health-check.sh) implement exactly that. No unrelated credentials, binaries, or install artifacts are requested. Reading OpenClaw workspace files and checking system state is consistent with the described health checks.
Instruction Scope
ok
SKILL.md instructs running the provided scripts and installing the pre-commit hook. The scripts operate on staged files or the specified workspace and do not send scanned content to external endpoints. The health check runs local system queries (openclaw --version, npm view, softwareupdate, csrutil); these are expected for version/update checks but are macOS-specific and may fail on other OSes.
Install Mechanism
ok
No network download or extract install mechanism; this is an instruction-only skill with included scripts. install-hook.sh writes a repo-local .git/hooks/pre-commit file (intended behavior). There are no remote fetches of arbitrary code during install.
Credentials
ok
The skill declares no required env vars or credentials. Scripts read files under $HOME/.openclaw/workspace and run local system commands; that access is coherent with the purpose of scanning workspace context and health-checking the system.
Persistence & Privilege
ok
always: false and user-invocable: true. The only persistent change performed by the provided scripts is installation of a repo-local git pre-commit hook. The skill does not request global/system privileges or modify other skills' configs.
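The Guidance and the Install Mechanism and Persistence notes above all turn on two behaviors worth seeing in code: a pre-commit scanner that blocks the commit on a match while printing only the match category and filename (never the matching line), and an installer that writes .git/hooks/pre-commit. The shell below is an added example written for this page; it is not the skill's pre-publish-scan.sh or install-hook.sh, and the rule names, regexes, and the file name secret-scan.sh are assumptions, not the skill's actual rules or layout. scan_files applies a small illustrative rule set to the paths it is given and reports category and path only. install_hook writes an equivalent staged-file hook but, unlike the overwrite behavior the scan flags, refuses to replace an existing hook unless passed --force; that refusal is a hardening added here, not a description of the skill.

```shell
#!/bin/sh
# secret-scan.sh (assumed name): illustrative staged-file secret scanner plus a
# non-clobbering pre-commit hook installer. Example code, not the skill's own.

# Rule names; rule_regex maps each to an ERE. Patterns are heuristics and will
# produce false positives/negatives, which is exactly why the page says to review
# them before trusting the hook.
RULE_NAMES='aws_access_key private_key generic_secret'

# rule_regex NAME: print the extended regex for one rule.
rule_regex() {
  case "$1" in
    aws_access_key) printf '%s' 'AKIA[0-9A-Z]{16}' ;;
    private_key)    printf '%s' '-----BEGIN [A-Z ]*PRIVATE KEY-----' ;;
    generic_secret) printf '%s' '([Pp]assword|[Ss]ecret|[Tt]oken|api_key|API_KEY)[[:space:]]*[=:][[:space:]]*[^[:space:]]{8,}' ;;
    *) return 1 ;;
  esac
}

# scan_files FILE...: print "category: path" for each rule that matches a file.
# Returns 1 if anything matched (the hook uses this to block the commit), 0 if
# every file is clean. Only the category and path are printed; the matching
# line never is, so a hit cannot leak the secret into scrollback or CI logs.
scan_files() {
  hits=0
  for file in "$@"; do
    [ -f "$file" ] || continue   # staged deletions and submodules have no file to read
    for category in $RULE_NAMES; do
      regex=$(rule_regex "$category")
      if grep -E -q -- "$regex" "$file" 2>/dev/null; then
        printf '%s: %s\n' "$category" "$file"
        hits=1
      fi
    done
  done
  return $hits
}

# install_hook REPO_DIR SCANNER_PATH [--force]: write REPO_DIR/.git/hooks/pre-commit.
# Refuses to replace an existing hook unless --force is given, so a repo's own
# hook is not silently lost (an unconditional overwrite is the caveat raised above).
install_hook() {
  repo=$1 scanner=$2 force=${3:-}
  hook="$repo/.git/hooks/pre-commit"
  [ -d "$repo/.git" ] || { echo "install_hook: $repo is not a git repository" >&2; return 2; }
  [ -f "$scanner" ] || { echo "install_hook: scanner $scanner not found" >&2; return 2; }
  if [ -e "$hook" ] && [ "$force" != "--force" ]; then
    echo "install_hook: $hook already exists; re-run with --force to replace it" >&2
    return 1
  fi
  # Bake in an absolute path so the hook works regardless of git's working directory.
  case "$scanner" in /*) ;; *) scanner="$PWD/$scanner" ;; esac
  mkdir -p "$repo/.git/hooks"
  cat > "$hook" <<EOF
#!/bin/sh
# Installed by install_hook: scan only the files staged for this commit and
# block the commit on any hit. Bypass knowingly with: git commit --no-verify
# -z / xargs -0 keep filenames with spaces intact; \$0 inside sh -c is the scanner path.
git diff --cached --name-only --diff-filter=ACM -z |
  xargs -0 sh -c '. "\$0" && scan_files "\$@"' "$scanner"
EOF
  chmod 755 "$hook"
}
```

Source the file and call the functions directly to try it: `. ./secret-scan.sh; scan_files $(git diff --cached --name-only --diff-filter=ACM)` runs the rules over what is currently staged, and `install_hook . "$PWD/secret-scan.sh"` installs the hook into the current repo. Because the hook sources the scanner by absolute path, moving or deleting secret-scan.sh makes the hook fail closed (the commit is blocked with an error) rather than silently passing, which is the safer failure mode for a gate of this kind.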