Skill v0.1.1
ClawScan security
Agent Communication · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 28, 2026, 2:49 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and runtime instructions match its stated purpose (a local WebSocket-based agent messaging broker and clients); it requests no credentials or external endpoints, but it does open a network listener and stores messages on disk, so you should review network exposure and local data storage before installing.
- Guidance: This skill appears to do what it says: a local WebSocket broker and client tools that keep messages on disk. Before installing or running: (1) run it in a trusted or isolated network, or change the broker HOST from 0.0.0.0 to 127.0.0.1 if you do not want it reachable externally; (2) review and control access to the skill's data/ directory (message, status, and workspace files are stored there); (3) install the 'websockets' dependency in a virtualenv to avoid affecting system Python; (4) be aware that test_websocket.py uses an absolute '/root/.openclaw/...' path which may need adjustment in your environment; (5) note minor metadata/version inconsistencies in README/_meta vs registry metadata (harmless but worth checking with the publisher). If you need the broker accessible beyond the host, place it behind appropriate network controls (firewall, auth proxy) — otherwise bind to localhost.
Review Dimensions
- Purpose & Capability (ok): The name/description (Agent communication via WebSocket) align with the included scripts (broker, websocket_client, send, broadcast, status, workspace). No unrelated binaries, credentials, or external services are required by the code.
- Instruction Scope (note): SKILL.md and scripts instruct running a local WebSocket server and clients and saving messages to a local data/ directory. The broker binds to 0.0.0.0:8765 (all interfaces), which is expected for a messaging service but can expose the service to the network — consider binding to localhost or adding firewall rules. Test scripts include a hard-coded sys.path insert pointing at an absolute '/root/.openclaw/...' path (test_websocket.py), which is an environment-specific assumption but not evidence of malicious behavior.
- Install Mechanism (ok): No install spec is embedded; runtime instructions ask to pip install the single dependency 'websockets'. This is low-risk and proportionate to the code's needs. There is no downloading of arbitrary archives or remote executables.
- Credentials (ok): The skill requests no environment variables or credentials. The code does not read secrets or external config; it only reads/writes local files under its data/ directory and templates/config.json. This is proportionate to its functionality.
- Persistence & Privilege (ok): The skill is not always-included and does not request elevated platform privileges. It writes only to its own data/ directory and does not modify other skills or global agent configuration.
