Skill v1.0.0
ClawScan security
Port Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 10, 2026, 7:05 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill mostly does what it claims (list, record, free ports) but has several inconsistencies and safety-relevant behaviors you should review before installing or letting it run autonomously.
- Guidance: What to check before installing: (1) Review the script contents yourself — it runs lsof/ps/jq and can call kill to terminate processes. (2) Ensure lsof and jq are present and trusted; the metadata should declare those dependencies but does not. (3) Note the inconsistent documented file location vs the script's actual path — verify where ports.json will be written and back it up if needed. (4) Prefer running the script manually first to confirm behavior and prompts; do not allow unattended/autonomous execution until you're comfortable it won't kill important services. (5) If you need stronger guarantees, request the package author to fix the metadata (declare binaries, correct file paths) and to add safer checks (e.g., extra confirmation, limited PID filtering) before trusting autonomous invocation.
Review Dimensions
- Purpose & Capability (concern): The skill's functionality (checking/listing/freeing ports) matches the script implementation, but the package metadata declares no required binaries while the script depends on system tools (lsof, jq, ps, kill). The SKILL.md and the script disagree about the ports.json location (SKILL.md: ~/.openclaw/workspace/.port-manager/ports.json vs script: ~/.openclaw/workspace/skills/port-manager/.data/ports.json). These mismatches are unexpected and should be corrected.
- Instruction Scope (concern): Instructions and script operate on system state: they run lsof/ps to enumerate processes, read/write a JSON file under your home workspace, and can terminate processes with kill. Terminating arbitrary processes is a high-impact action; although the script prompts for confirmation, an automated agent or a misused invocation could still terminate services. The SKILL.md also mentions netstat but the script uses lsof; a minor mismatch, but worth noting.
- Install Mechanism (ok): There is no external install/download step or remote code retrieval — the package is instruction+script only and writes files locally. No network fetches or archive extraction were found in the manifest.
- Credentials (concern): The skill requests no credentials, but it accesses the user's HOME to read/write the ~/.openclaw workspace and queries system process/state (lsof/ps). It also requires jq and lsof, which are not listed in metadata. The ability to inspect and terminate local processes is powerful and not represented in any declared permissions.
- Persistence & Privilege (note): The skill persists its own data under ~/.openclaw/workspace/skills/port-manager/.data/ports.json (and includes sample .data files). It does not request always:true and does not modify other skills. However, because it can kill processes, consider the risk if the agent invokes this autonomously.
