Back to skill
Skillv1.0.0
ClawScan security
SELF LEARNING SKILL V3 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
ReviewMar 15, 2026, 5:17 AM
- Verdict
- Review
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only 'self-learning' assistant (no install, no declared credentials), but its runtime instructions encourage autonomous actions that reference searching for credentials and performing publish/automation flows — the requested manifest does not declare the needed access, creating an incoherence and potential risk.
- Guidance
- This skill is mostly documentation for a proactive "self-learning" assistant. That by itself is not dangerous — but the SKILL.md and example files repeatedly instruct the assistant to perform autonomous network actions and to look for credentials (e.g., ~/.github-token, ~/.openclaw/, environment variables, use of 'clawhub login' or GitHub CLI). Yet the skill metadata declares no required credentials. Before installing, consider: 1) Where will the agent run and what filesystem/env access will it have? 2) Will the agent be allowed to act autonomously on your behalf (push to repos, call CLIs, search files)? 3) If you install, restrict the agent's runtime permissions (no access to secret files or sensitive env vars), require explicit user consent before any credential use, and run the skill in a sandboxed account. Ask the author/maintainer to clarify exactly what automated actions the skill will take, to add explicit consent prompts before any credential access, and to declare any required credentials in the manifest. If you cannot verify those safeguards, avoid granting the agent access to sensitive tokens or enabling full autonomous invocation.
Review Dimensions
- Purpose & Capability
- okName/description (self-learning, continuous improvement) match the content of SKILL.md and the included docs: the skill is purely methodological/operational guidance for an assistant. No declared binaries, env vars, or installs are needed for the described documentation and checklists.
- Instruction Scope
- concernSKILL.md and supporting docs describe autonomous behaviors (daily/weekly scheduled actions, automatic learning triggers) and concrete operational steps referencing credential searches, publication workflows (clawhub login, GitHub CLI), multi-location token search (~/.github-token, ~/.openclaw/, env). Those instructions expand scope beyond passive documentation — they imply reading local files/env and taking network actions. The manifest does not declare or limit that access and there is no code-level sandboxing described.
- Install Mechanism
- okNo install spec and no code files that execute during install; instruction-only skills are lower-risk from installation. There are no downloads/archives or third-party packages declared.
- Credentials
- concernThe skill declares no required env vars or credentials, yet the docs repeatedly reference locating and validating tokens, using CLI auth, and searching env/file locations for credentials. Requesting or encouraging access to tokens/credentials without declaring them is disproportionate and incoherent with the manifest.
- Persistence & Privilege
- concernalways:false (expected), but the skill explicitly encourages autonomous, recurring actions (daily summaries, automated publishing checks, proactive credential validation). Combined with instructions about searching for tokens and calling CLIs/APIs, this increases the blast radius if the agent is allowed to act autonomously. The skill does not document safeguards or explicit user-consent gating for credential access.