Skill v1.0.1
ClawScan security
自我成长 (Self-Growth) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 12, 2026, 3:30 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code and runtime instructions are consistent with a self‑improvement / learning-capture purpose: it asks to create local .learnings files, offers opt-in hook scripts and templates, and does not request credentials or external endpoints—however, enabling hooks will run local scripts with the agent's permissions, so inspect them before activation.
- Guidance
- This skill appears coherent for capturing and promoting learnings. Before installing/enabling anything:
  1) Review the scripts (scripts/*.sh) and hook handlers (hooks/openclaw/*) to confirm they only output reminders or write to project/workspace paths you control.
  2) Prefer a project-level hook setup (not a global ~/.claude or ~/.openclaw change) so triggers are limited to intended projects.
  3) If you enable the PostToolUse hook, note the error-detector reads CLAUDE_TOOL_OUTPUT and will run on tool events—ensure you want that behavior.
  4) If you use the extract-skill helper, run it with --dry-run first and confirm the intended output directory to avoid accidental writes.
  5) If cloning the suggested GitHub repo, inspect the remote contents before running any install commands.

  Finally, consider privacy: the skill recommends using sessions_history/sessions_send; only use those if you consent to cross-session transcript access.
Review Dimensions
- Purpose & Capability
- ok: Name/description (capture learnings/errors and promote to workspace files) align with the included files and scripts: templates, logging formats, an activator reminder, an error detector, an extract-skill helper, and OpenClaw hook handlers. No unrelated credentials, binaries, or surprising capabilities are requested.
- Instruction Scope
- note: SKILL.md instructs creating ~/.openclaw/workspace/.learnings, copying the hook into OpenClaw's hooks directory, and optionally enabling hooks that inject reminders and run scripts on events. Those instructions are in-scope for a learning-capture skill. Be aware that the docs also recommend using platform tools (sessions_history, sessions_send, sessions_spawn) and promoting learnings into workspace files (SOUL.md, AGENTS.md, etc.), which means the skill expects to read/write workspace and may access multi-session transcripts if the platform exposes them—this is expected but relevant to privacy.
- Install Mechanism
- ok: No automatic install spec; the repo suggests optional git clone from a GitHub repo and copying hook files. All included scripts and handlers are present in the package. There are no downloads from arbitrary URLs, no extract-from-remote archives, and no package installs declared—overall low install risk.
- Credentials
- ok: The skill does not request environment variables, secrets, or credentials. Scripts reference CLAUDE_TOOL_OUTPUT and event/context structures specific to the agent platform (expected). The skill's read/write targets are workspace files under ~/.openclaw/workspace or the current project—proportionate for its purpose.
- Persistence & Privilege
- note: always:false (not forced). The skill includes optional hooks (activator, error detector) that, if enabled, will run local scripts on agent lifecycle events with the same permissions as the agent. This is expected for hook-based reminders, but enabling hooks gives the skill the ability to execute code on triggers—inspect scripts and prefer project-level configuration rather than global user-level enablement unless you trust it.
