Skillv1.0.0

ClawScan security

MARL — Multi-stage Reasoning Middleware · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 9, 2026, 6:03 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions are mostly coherent with a local middleware product, but there are misleading claims and operational gaps (privacy claim vs. behavior, external Docker/PyPI artifacts recommended but not vetted) that warrant caution before installing or routing sensitive data through it.
Guidance: This skill is an instruction-only wrapper that directs you to run a third-party MARL service (Docker image, pip package, or HuggingFace Space). Before installing or routing agent traffic through it, verify the upstream artifacts (Docker Hub image, PyPI package, GitHub repo and releases) and confirm they come from the claimed publisher. Don't assume 'data never leaves your infrastructure' — if you configure MARL to use cloud LLMs, your prompts/results will be sent to those providers. Run the Docker/pip artifacts in an isolated environment (container/VM) first, inspect the source code on GitHub, check PyPI/Docker release signatures or hashes if available, and review the service's configuration for where it sends model queries (local vs. cloud). If you plan to use sensitive domains (pharma, genomics, chemistry), treat outputs and the service itself as higher-risk and perform additional review/auditing before production use.

Review Dimensions

Purpose & Capability: noteThe SKILL.md describes a local multi-stage middleware that sits between the agent and any LLM — that purpose matches the configuration examples (setting baseURL to localhost). However the registry metadata listed 'source: unknown / homepage: none' while the SKILL.md includes links to PyPI, GitHub, Docker Hub and a website; this mismatch is noteworthy and should be verified. Claim that core engine is 'compiled binaries' is plausible but not visible in the skill bundle (instruction-only).
Instruction Scope: noteInstructions are limited and focused: they tell the user to run MARL locally (docker/pip/Space) and point OpenClaw to a local baseURL. The SKILL.md does not instruct the agent to read unrelated files or environment vars. However it explicitly states 'your data never leaves your infrastructure' while also saying MARL will make API calls to the chosen LLM — if that chosen LLM is a cloud service, user data will leave the host. That is a misleading privacy claim and an operational ambiguity the user should understand.
Install Mechanism: concernThe registry bundle contains no install spec (instruction-only), but the README recommends running third-party artifacts (docker image vidraft/marl, pip package 'marl-middleware', and a HuggingFace Space). Those external artifacts may execute arbitrary code; the skill package provides no verification or hashes. Because installing/running the Docker image or pip package is how the middleware is actually deployed, the user should verify the Docker Hub/PyPI/GitHub releases and their provenance before running.
Credentials: okThe skill declares no required env vars or credentials, and SKILL.md does not request secrets. That is proportionate for an instruction-only skill; note though that the MARL service itself (outside this skill) will likely require API keys to call external LLMs — those credentials are not requested here but are necessary for operation if you use cloud LLMs.
Persistence & Privilege: okThe skill is not always-enabled and does not request elevated platform privileges. It's user-invocable and does not modify other skills or system-wide settings as presented.