Skill v1.0.0

ClawScan security

Mission Control · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 6, 2026, 12:31 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files, commands, and requirements align with a CLI system-health tool for OpenClaw agents: it reads system state and logs and can restart services (with sudo), but it does not ask for unrelated credentials or perform network exfiltration.
Guidance
This skill appears to do what it says: local monitoring of OpenClaw-related processes, resources, cron jobs, and systemd services. Before installing:
1) Review the mctl.sh script yourself (it runs journalctl, systemctl, pgrep, etc.) if you have sensitive logs or process command-lines you don't want exposed.
2) Ensure the agent will ask you before performing a restart (restart uses sudo).
3) Because the agent can invoke skills autonomously by default, consider whether you trust the agent to run this tool without interactive approval — it only accesses local state and does not call external endpoints, but it can collect potentially sensitive local information.
4) Optionally test on a non-production host first.
Minor note: some JSON output paths in the script look slightly buggy (harmless but may affect machine-readable output).

Review Dimensions

Purpose & Capability
ok: Name/description match the provided files: mctl.sh inspects processes, resources, cron entries, and services (including openclaw CLI calls). No unrelated credentials, downloads, or tools are requested. package.json points to the same script as main.
Instruction Scope
note: Runtime instructions and the script perform broad local reads (pgrep/ps, /proc/loadavg, free, df, systemctl, journalctl, ss, and optionally openclaw and nvidia-smi). This is expected for a monitoring tool, but those operations can reveal sensitive local information (process command lines, logs). The SKILL.md clearly documents the commands and requires confirmation for restart operations.
Install Mechanism
ok: No network install or external downloads; install is a local copy (clawhub or cp). No extract-from-URL or third-party package registries are used.
Credentials
ok: The skill declares no required environment variables or credentials, and the script does not attempt to read secrets from unrelated env vars or config paths. It sets a temporary TMPDIR internally when producing JSON.
Persistence & Privilege
note: always:false and user-invocable:true (normal). The skill can be invoked autonomously by the agent (disable-model-invocation:false), which is the platform default; combined with the ability to read logs and process lists, autonomous runs could expose system state without interactive user review. Restart requires sudo, and the script documents that confirmation is required.