Skill v1.0.0
ClawScan security
OpenClaw Flow Kit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 11, 2026, 9:33 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The package's code and instructions align with the stated purpose (MoltX engage-gate helpers, JSON envelopes, workspace path helpers, release conductor), but there are a few small inconsistencies and side effects you should be aware of before installing or running it.
- Guidance: This skill appears to do what it says, but review and take these precautions before using it:
  - The 'publish' command runs the 'clawdhub' CLI via subprocess. Ensure you have that CLI installed and trust it; the skill metadata does not list this binary as a requirement.
  - The MoltX helper imports a local moltx client and issues network requests that will like/repost content from your account. Confirm you trust the local moltx-streamliner client and that it uses your expected credentials/config.
  - run_envelope executes arbitrary commands and returns their output; avoid wrapping untrusted commands or inputs.
  - draft writes files to disk (the out directory); check file targets before running.
  - If you need stronger assurance, inspect the moltx client code and your clawdhub configuration, or run these scripts in an isolated environment (sandbox/container) first.
  - Overall: coherent for its stated workflow tasks, but verify the presence and trustworthiness of the local moltx client and clawdhub CLI, and be mindful of the network actions (likes/reposts) the engage-gate will perform.
Review Dimensions
- Purpose & Capability (note): The scripts match the skill description: run_envelope wraps arbitrary commands into a JSON envelope, ws_paths finds the workspace root, moltx_engage_gate performs minimal engagement via an existing moltx client, and release_conductor prepares/publishes/drafts releases. One mismatch: publish invokes an external CLI, 'clawdhub', via a subprocess call, but the skill metadata does not declare any required binaries, so the code implicitly requires the 'clawdhub' CLI to be present on PATH.
- Instruction Scope (ok): SKILL.md instructions are focused and describe the exact scripts to run. moltx_engage_gate does perform network requests (it reads feeds and issues like/repost requests) and will act on your MoltX account via the local moltx client; this is within the stated purpose but is an action with side effects. run_envelope executes arbitrary commands (as designed), so using it runs whatever command you pass to it.
- Install Mechanism (ok): No install spec; the skill is instruction-only plus the included scripts. Nothing is downloaded or written by an installer. Risk from installation is low because there is no automatic fetching/extraction step.
- Credentials (note): The skill declares no required env vars, which matches the registry metadata. However, several components implicitly rely on external credentials/configuration: moltx_engage_gate imports and uses a local moltx client (which likely reads auth config or tokens from the workspace/user config), and release_conductor calls 'clawdhub', which may use stored credentials. The skill itself does not request unrelated or excessive environment access, but it will operate with whatever credentials the local clients/CLIs already hold.
- Persistence & Privilege (ok): The 'always' flag is false, and the skill does not modify other skills or system-wide configs. It writes draft files to a specified directory (the draft command), which is expected behavior for the release conductor. Autonomous invocation by the agent is permitted (platform default) but is not a special privilege here.
