skill-manager
Pass
Audited by ClawScan on May 1, 2026.
Overview
This skill appears benign: it lists installed OpenClaw skills by reading local skill metadata and running a fixed `clawhub list` command, with no evidence of mutation, credential use, or exfiltration.
This skill is reasonable to install if you want a local inventory of OpenClaw skills. Before running it, make sure the `clawhub` command on your system is trusted, and remember that its output may reveal which skills you have installed.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When run, the skill will execute the local `clawhub list` command and display its output.
Running the skill's script executes a fixed local command. This is purpose-aligned for listing installed ClawHub skills and does not use a shell or user-controlled arguments, but users should know it depends on the local `clawhub` executable.
result = subprocess.run(['clawhub', 'list'], capture_output=True, text=True)
Only run it in an environment where the local `clawhub` command is trusted; the skill metadata should ideally declare this runtime dependency.
The output may reveal which skills are installed and may include text supplied by other installed skills.
The script reads local installed-skill metadata from the persistent OpenClaw skills directory and prints descriptions from each skill's SKILL.md. This is aligned with the skill's purpose, but those descriptions are external context that should be treated as metadata rather than instructions.
SKILLS_DIR = os.path.expanduser("~/.openclaw/workspace/skills")
Treat listed skill descriptions as informational only, and do not let descriptions from other skills override the user's intent or security decisions.
The script may fail if `clawhub` is unavailable, or it will use whichever `clawhub` executable is found in the user's PATH.
The source shows a runtime dependency on `clawhub`, while the provided requirements declare no required binaries. This is an under-declared but purpose-aligned dependency, not evidence of malicious behavior.
result = subprocess.run(['clawhub', 'list'], capture_output=True, text=True)
Verify that `clawhub` is installed from a trusted source before running the script; publishers should declare it as a required runtime binary.
