Skill v1.0.1

ClawScan security

skill-manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 8, 2026, 3:54 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill is internally coherent: its code reads your local OpenClaw skills folder to produce a table of installed skills and descriptions and also calls the local 'clawhub list' command; it does not request secrets or perform downloads.
Guidance
This skill appears to do what it says: list installed skills by reading ~/.openclaw/workspace/skills and calling the local 'clawhub list' command. Before installing/running: (1) inspect scripts/list_skills.py (already included) — it is short and readable; (2) be aware that it will execute the 'clawhub' CLI if present, so only run it if you trust that binary (the registry metadata did not declare 'clawhub' as a required binary); (3) no secrets are requested or transmitted by the script, but if you are cautious, run it in a restricted environment or review/replace the 'clawhub' invocation to avoid running unknown code.

Review Dimensions

Purpose & Capability
note: The skill's name/description match what the included script does (reads ~/.openclaw/workspace/skills and extracts SKILL.md descriptions). Minor inconsistency: the script invokes the 'clawhub' CLI but the registry metadata did not declare any required binary.
Instruction Scope
ok: SKILL.md instructs running scripts/list_skills.py, which only reads SKILL.md files under ~/.openclaw/workspace/skills and prints their descriptions. It also runs 'clawhub list' via subprocess to show ClawHub-installed skills; this is within scope for listing skills but grants the called binary full control of whatever it does.
Install Mechanism
ok: No install spec or external downloads; the skill is instruction+script only and does not write or fetch code during install.
Credentials
ok: No environment variables, credentials, or unusual config paths are requested. The script reads files from the user's ~/.openclaw workspace, which is appropriate for the stated purpose.
Persistence & Privilege
ok: The skill is not always-enabled and does not request elevated persistence or modify other skills' configs; it runs only when invoked.