Skill v1.0.0
ClawScan security
skill-list · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 8, 2026, 4:03 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill largely does what it claims (list installed skills) but contains an undeclared external dependency ('clawhub') and reads user skill files — verify the external tool and inspect skill metadata before installing.
- Guidance: This skill is mostly coherent with its stated purpose, but verify a few things before installing: 1) The script runs the external command 'clawhub list' even though no required binaries are declared — ensure 'clawhub' is present on your PATH and that you trust that binary. 2) The script reads SKILL.md files from ~/.openclaw/workspace/skills and prints their contents; review those SKILL.md files to ensure they don't contain secrets or unexpected data. 3) Because the script executes an external program and prints file contents, consider running it in a restricted environment first or inspecting the code (scripts/list_skills.py) yourself. If you plan to install widely, ask the publisher to declare 'clawhub' as a required binary in the skill metadata.
Review Dimensions
- Purpose & Capability
  - note: The skill's name/description match its actions: it reads installed skills and prints descriptions. However, the bundled script calls an external tool ('clawhub') to list ClawHub-installed skills while the registry metadata declares no required binaries — that's an inconsistency that should be declared or justified.
- Instruction Scope
  - note: SKILL.md and the script stay within the stated scope (reading ~/.openclaw/workspace/skills SKILL.md files and printing a table). The script also executes the external command 'clawhub list' and prints its stdout; this is expected for including ClawHub-managed skills but is an action beyond simple local file reads and should be noted.
- Install Mechanism
  - ok: There is no install spec (instruction-only plus one script). Nothing is written to disk by an installer and no remote downloads are performed.
- Credentials
  - ok: The skill requests no environment variables or credentials. It reads files under the user's home (~/.openclaw/workspace/skills), which is appropriate for enumerating installed skills, but SKILL.md contents may contain arbitrary text so users should confirm no sensitive data is stored there.
- Persistence & Privilege
  - ok: The skill is not always-on and doesn't request elevated privileges or modify other skills' config. Autonomous invocation is allowed (platform default) but not by itself a concern.
