Validator Tool
PassAudited by VirusTotal on May 9, 2026.
Overview
Type: OpenClaw Skill Name: validator-tool Version: 1.0.0 The validator-tool skill bundle provides a Python script (scripts/validate.py) that implements standard data validation logic for formats like JSON, email, IP addresses, and credit card numbers (via Luhn algorithm) using built-in libraries. While the documentation (SKILL.md) describes several features not actually implemented in the code (such as file path validation, batch processing, and JSON schema support), the existing code is safe, lacks network/file-writing capabilities, and contains no indicators of malicious intent or prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly, the agent could be asked to inspect local paths or process a file of private inputs, although the artifacts do not show broad scanning or exfiltration.
The documented interface can be used with local file paths or batch files. This is coherent for a validator, but users should keep file-based validation scoped to intended files.
--schema FILE JSON Schema file for --json validation --batch FILE Validate multiple inputs from a file (one per line) --path Validate file/directory path (exists, readable, writable)
Use explicit file paths, avoid broad or sensitive batch files unless needed, and ask the agent to confirm before validating large local datasets.
Installing or invoking the skill may run the included local validator script, but the reviewed code does not show unsafe execution behavior.
The skill includes an executable Python CLI script. Running local code is expected for this validator and the script only performs in-process validation using standard libraries.
#!/usr/bin/env python3
...
if __name__ == '__main__':
main()Run it only from the reviewed skill package and keep normal caution for any local executable script.
A user might not realize this skill can be used with payment-card numbers, and entering real card numbers on a command line can leave local traces.
The script supports credit-card validation and even shows a command-line example, but the top-level SKILL.md description does not advertise credit-card handling. Credit-card numbers are sensitive, and command-line arguments can be exposed through shell history or process listings.
def validate_credit_card(card: str) -> Tuple[bool, str]:
"""Validate credit card using Luhn algorithm."""
...
print(" validate.py credit-card 4532015112830366")Use test or masked card numbers when possible, and update the skill documentation if credit-card validation is intended.