Back to skill
Skillv3.0.2
ClawScan security
Self-Learning Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
ReviewMar 14, 2026, 5:52 PM
- Verdict
- Review
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's documentation is coherent with a 'self-learning' purpose, but the runtime instructions encourage searching local token locations and automated actions without declaring or justifying access to credentials — this mismatch is suspicious and worth clarifying before enabling the skill.
- Guidance
- This skill's content mostly matches a 'self-learning' assistant, but it also contains explicit instructions to search for credentials and to perform publishing actions (GitHub/ClawHub) without declaring or explaining required access. Before installing or enabling autonomous use: 1) Ask the author to explicitly state what files, env vars, or commands the skill will access and why. 2) If you run it, prefer user-invocable only (disable autonomous invocation) or run in a sandboxed account that has no sensitive tokens. 3) Inspect or sanitize any referenced token paths (~/.github-token, ~/.openclaw/, env) and remove/rotate secrets you don't want scanned. 4) If you need publishing features, prefer giving minimal, dedicated credentials (least privilege) rather than allowing broad filesystem or environment scanning. 5) If unclear, do not enable always-on/autonomous execution and test in an isolated environment first.
Review Dimensions
- Purpose & Capability
- noteThe skill claims to be a self-learning/iteration assistant and indeed provides processes for daily/weekly learning, retrospectives, and publishing checks. However, many examples and remediation cases explicitly reference publishing workflows (GitHub/ClawHub), multi-location token searches (~/.github-token, ~/.openclaw/, env), and CLI commands — capabilities that go beyond passive 'learning' and imply access to local credentials and tooling. That capability is not documented as required in the registry metadata.
- Instruction Scope
- concernSKILL.md and associated docs instruct behaviors that may lead the agent to read local files and environment variables (e.g., '多位置搜索 (~/.github-token, ~/.openclaw/, env)', 'clawhub login', 'cat learning/progress-tracker.md'), and the skill explicitly endorses proactivity ('不等待指令,主动发现知识盲区'). Those instructions give the agent broad discretion to probe system state and credentials even though no such access is declared or scoped.
- Install Mechanism
- okThis is an instruction-only skill with no install spec, no downloaded artifacts, and no code files executed at install time — lowest risk by install mechanism. The repository-like README links are informational only.
- Credentials
- concernThe registry shows no required env vars or credentials, yet the documentation repeatedly references searching for tokens in common file locations and environment ('~/.github-token', env) and using CLIs for publishing. Asking for or searching credentials is disproportionate to the declared metadata and should be explicitly declared and justified.
- Persistence & Privilege
- notealways:false and user-invocable:true (defaults) — good. However the skill's emphasis on autonomous proactivity combined with instructions that could access local credentials increases the risk if the agent is allowed to invoke the skill autonomously. Consider restricting autonomous invocation or clarifying limits.