Context Onboarding
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: Developer: Version: Description: OpenClaw Agent Skill Suspicious High-Entropy/Eval files: 2 The `scripts/context_onboarding.py` skill is classified as suspicious due to its overly broad file access capabilities. While its stated purpose is to summarize workspace identity documents, the `--workspace` and `--files` arguments allow it to read arbitrary files from any directory accessible to the agent. This includes potentially sensitive files like user credentials or system configuration files (e.g., `~/.ssh/id_rsa`, `/etc/passwd`). Although the skill itself does not contain explicit malicious intent like data exfiltration or remote execution, it provides a high-risk primitive that could be leveraged by a malicious prompt injection against the OpenClaw agent to disclose sensitive information.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user or agent points the skill at a private file, the first lines of that file could be displayed in the conversation or logs.
The CLI can be pointed at caller-selected files and workspaces, then reads and prints snippets from those files. This is read-only and aligned with the onboarding purpose, but it should not be aimed at sensitive local files.
parser.add_argument("--workspace", default="."); parser.add_argument("--files", nargs="+", default=DEFAULT_FILES); ... path = workspace / name ... path.read_text(encoding="utf-8")Use the default identity docs or clearly approved markdown files; get explicit user approval before using non-default paths or another workspace.
Stale or untrusted workspace docs could influence how an agent understands local norms or rules if their contents are over-trusted.
The skill intentionally surfaces persistent workspace identity and instruction documents for agent context. That is the stated purpose, but such documents should be treated as advisory and not as higher-priority instructions.
`scripts/context_onboarding.py` reads the key documents (`SOUL.md`, `USER.md`, `AGENTS.md`, `TOOLS.md` by default) and prints the first few lines of each
Keep these workspace docs reviewed, avoid storing secrets in them, and ensure any instructions they contain remain subordinate to system, developer, and current user instructions.