Skill v1.0.0
ClawScan security
Skeall Skill Builder · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 19, 2026, 2:18 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files, instructions, and scope are consistent with an on-device skill-auditor/builder: it reads local skill directories and config files, performs static+runtime checks, and does not request credentials or install remote code.
- Guidance: This skill appears to be what it claims: a local SKILL.md builder/auditor. Before installing or granting it autonomous access, note that its healthcheck mode will read local skill directories and platform config files (e.g., ~/.openclaw/, ~/.claude/, ~/.agents/) and may scan session logs and make HTTP requests to any URLs found in skills. Those behaviors are expected for an auditor but can reveal sensitive local metadata. Recommendations: (1) run its scan/healthcheck manually first in a safe directory to review outputs, (2) avoid pointing it at directories containing sensitive logs or secrets, (3) review any proposed automatic fixes before applying them (backup configs first), and (4) if you will let it run autonomously, restrict scope or monitor its activity until you’re comfortable.
Review Dimensions
- Purpose & Capability (ok): Name/description (skill builder, auditor, improver) match the content: SKILL.md and references contain scaffolding, templates, scan and healthcheck algorithms, and usage examples. The file references and checks (skill dirs, frontmatter rules, references/) are exactly what a skill-auditor/builder would need.
- Instruction Scope (note): Runtime instructions explicitly instruct reading SKILL.md and reference files and performing healthchecks that probe local platform registries and logs (e.g., ~/.openclaw/openclaw.json, ~/.claude/settings.json, ~/.openclaw/logs/), scanning for file references, and issuing HTTP HEAD/GET checks against referenced URLs. Those actions are coherent for an auditor but involve reading local config and session logs and making network requests — a privacy-sensitive but expected scope for this tool.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files to download or execute. This minimizes disk-write and remote code risks.
- Credentials (ok): The skill does not declare required environment variables or credentials. SKILL.md does describe detecting $VARS referenced inside scanned skills (R6) and will report missing env vars, which is appropriate for an auditor. The skill does not request unrelated secrets or cloud credentials.
- Persistence & Privilege (ok): always:false and no install behavior; the skill does not request permanent presence or claim it will modify other skills' configs. Healthcheck reads platform registries and logs (read access) but does not include instructions that automatically write or reconfigure other skills. Autonomous invocation is allowed by default (platform default) but not combined with other concerning privileges.
