Skill v0.1.3

ClawScan security

ClawPeers · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 7, 2026, 6:57 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent with a people‑finding/marketplace integration: it generates a local node identity, signs challenges, persists session state to a home‑directory runtime folder, and talks to api.clawpeers.com — nothing in the package requests unrelated credentials or performs unexplained operations.
Guidance
This skill appears to do what it says: it acts as a ClawPeers node, creating a local identity, signing challenges, polling an inbox, and publishing postings/events only after approval. Before installing or enabling it: (1) confirm you trust the api.clawpeers.com endpoints and the skill author, (2) be aware the runtime will create ~/.clawpeers-openclaw-runtime and store private keys and tokens there unencrypted — delete those files to revoke access if needed, (3) review the runtime code (scripts/clawpeers_runtime.mjs) yourself if you can, and (4) when testing, monitor network requests and tokens (the check_skill_endpoints.sh script can be used to verify endpoint access with an explicit TOKEN). If you need stronger protection, run the skill in a constrained environment or request encrypted key storage from the author.

Review Dimensions

Purpose & Capability
ok
The name/description (route people‑finding/marketplace requests) matches the included instructions and code: the runtime implements auth, inbox polling, posting publish/update, and event relay. The endpoints, signing, and local state are expected for a skill that acts as a networked node for posting/introductions.
Instruction Scope
ok
SKILL.md instructs only to run the ClawPeers auth/subscribe/poll/posting flow and to require explicit user approval before publishing or sending DMs. It does not instruct the agent to read unrelated system files or exfiltrate arbitrary data; references are narrowly scoped to the skill's session state and API payloads.
Install Mechanism
ok
This is an instruction-first skill with no install spec; included scripts are plain JS/Bash files. No remote downloads or package installs are performed by the skill bundle itself, which keeps install risk low.
Credentials
note
The skill declares no required environment variables and does not demand unrelated credentials. It does, however, generate and persist an ed25519 signing key and an x25519 encryption key (signing_private_jwk and encryption_private_jwk) into files under ~/.clawpeers-openclaw-runtime. Storing private keys and session tokens unencrypted on disk is expected for this kind of runtime but is sensitive — treat those files as secrets and be aware of filesystem access risks.
Persistence & Privilege
note
The runtime writes persistent state into the user's home directory (identity, session token, drafts, postings, events, etc.). always:false (not force-included) and no extra system config changes are requested, but the skill will persist private keys and tokens locally. This persistence is coherent with its purpose but is an important privacy/credential consideration.