Skill v1.2.2
ClawScan security
PreClick : URL Security Scanner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 1, 2026, 1:17 PM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions are coherent with its stated purpose (a companion that delegates URL checks to a PreClick plugin), but because it is instruction-only the real behavior depends on the external plugin it references; you should verify that plugin before installing.
- Guidance: This skill is consistent with being a helper that delegates URL checks to a PreClick plugin, but it contains no code itself; the plugin you install will perform the actual network calls and analysis. Before installing or using it:
  1. Verify the provenance of @cybrlab/preclick-openclaw (source repo, release host, and maintainers); do not install plugins from unknown/untrusted sources.
  2. Review what the plugin will send to external endpoints; avoid sending URLs that include session tokens, auth query parameters, or other sensitive data.
  3. Check the plugin's required environment variables and permissions and ensure they are proportionate.
  4. Test the plugin on non-sensitive, known-safe URLs first to observe behavior.
  5. If you need higher assurance, request the plugin's code or a signed release and inspect its network endpoints and dependencies.

  If you cannot audit the plugin or trust its source, treat it as potentially privacy-impacting even though the companion skill itself is coherent.
Review Dimensions
- Purpose & Capability (note): The skill is a thin, instruction-only companion that delegates URL scanning to a PreClick plugin and requires the plugin's config entry (plugins.entries.preclick-openclaw.enabled). That dependency is consistent with the stated purpose. However, the provided metadata lists no source or homepage for the plugin/skill bundle, making it impossible to audit the upstream code from this package alone; this reduces transparency and is worth noting.
- Instruction Scope (ok): SKILL.md only instructs the agent to call the plugin's URL scanning tools and to act on the returned agent_access_directive. It does not instruct reading unrelated files, environment variables, or system paths. It explicitly warns not to verify localhost/file:// addresses and instructs how to interpret results, which is appropriate for the stated goal.
- Install Mechanism (note): The skill has no install spec and no code files (lowest on-disk risk). However, the SKILL.md tells users to install @cybrlab/preclick-openclaw via openclaw plugins install; that plugin will introduce code and network behavior. Because the plugin's source/homepage is not provided here, you cannot audit what the plugin will install or call; review the plugin before installing.
- Credentials (ok): This skill itself requests no credentials or env vars. That is proportionate for an instruction-only wrapper. Be aware the referenced plugin may require credentials, keys, or network access; those requirements are not visible in this skill and should be evaluated separately.
- Persistence & Privilege (ok): The skill is not marked always:true and is user-invocable; it does not request persistent system-wide privileges. Its one declared requirement is that the plugin be enabled in the gateway config, which is reasonable for a companion skill.
