Back to skill
Skillv1.0.1
ClawScan security
OKR for clawbot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 9, 2026, 2:35 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and instructions match its stated purpose: it is an instruction-only OKR manager that reads/writes a single workspace memory file and does not request credentials or installs.
- Guidance
- This skill is internally coherent and appears to do only OKR-related work: it will read and update ~/.openclaw/workspace/memory/okr.md to store objectives, KRs, and post-completion reviews. Before installing, confirm you are comfortable with a skill that will modify that specific file (back it up if needed). There are no network calls, installs, or credential requirements declared. If you need stricter control, avoid granting autonomous invocation or review edits the skill makes before they are saved.
Review Dimensions
- Purpose & Capability
- okName/description (OKR management) align with the instructions: creating O/KR, tracking progress, enforcing reviews, and persisting to ~/.openclaw/workspace/memory/okr.md. No unrelated credentials, binaries, or external services are requested.
- Instruction Scope
- okSKILL.md limits actions to reading/updating the specified memory file, normalizing KRs, and producing reviews/scores. It explicitly instructs to read before writing and not to record sensitive credentials. It does not request broader system access or network exfiltration.
- Install Mechanism
- okNo install spec and no code files — instruction-only skill. Nothing is downloaded or written to disk by an installer beyond the normal read/write of the declared memory file at runtime.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths beyond the single workspace memory file it maintains. The requested access (read/write to memory/okr.md) is proportionate to an OKR manager.
- Persistence & Privilege
- noteThe skill persists state to ~/.openclaw/workspace/memory/okr.md (expected for a memory-backed helper). It is not always-enabled and does not request elevated privileges, but it will modify a file in the user's workspace when invoked — consider whether you trust automatic updates to that file.