Skill v1.0.0

ClawScan security

My skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 15, 2026, 8:38 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and instructions are consistent with its stated purpose (capturing learnings/errors and offering optional OpenClaw hooks); it asks for no credentials and does not perform unexpected network/exfiltration actions, though you should be cautious about logging sensitive command output if enabled.
Guidance
This skill appears coherent with its stated purpose. Before installing or enabling hooks: (1) review the scripts (activator.sh, error-detector.sh, extract-skill.sh) to ensure you are comfortable with files being created under your current directory or ~/.openclaw; (2) avoid enabling PostToolUse/error-detector in untrusted environments because CLAUDE_TOOL_OUTPUT can contain secrets — keep the policy 'do not log secrets' in force; (3) prefer enabling only the lightweight UserPromptSubmit activator if you want reminders without inspecting command output; (4) if you install hooks, use explicit paths and correct permissions (chmod +x scripts/*.sh), and enable hooks only in trusted user-level config rather than globally. If you need higher assurance, run the scripts in a sandboxed workspace first and inspect generated files before enabling cross-session sharing.
Findings
[CLAUDE_TOOL_OUTPUT_read] expected: scripts/error-detector.sh reads CLAUDE_TOOL_OUTPUT to detect error patterns. This is expected for a PostToolUse error detector but involves handling potentially sensitive command output; the script itself does not transmit the raw output, it only emits a brief reminder when patterns match.
[workspace_file_write] expected: scripts/extract-skill.sh and SKILL.md instructions create files under ./skills or ~/.openclaw/workspace/.learnings. File creation/writes are core to the skill's stated function (logging learnings and scaffolding extracted skills).

Review Dimensions

Purpose & Capability
ok: Name/description (self-improvement: capture learnings/errors and promote to workspace memory) match the included files and scripts: activator, error detector, extraction helper, and OpenClaw hook handlers. Required resources (none) are proportional to the stated functionality.
Instruction Scope
note: Runtime instructions create/append to .learnings/ files in the project or ~/.openclaw/workspace and advise not to log secrets. The error-detector script reads the CLAUDE_TOOL_OUTPUT env var to detect failures (expected for PostToolUse hooks) — this can include sensitive command output, so the skill's guidance to redact secrets is important. Hook handlers inject a virtual reminder file during bootstrap (no surprising file reads or network calls).
Install Mechanism
ok: No automated install spec is provided; this is instruction-only with bundled scripts and hook handlers. Manual install steps (git clone, copying hooks) are explicit. No downloads from arbitrary URLs or package installs are executed by the skill itself.
Credentials
ok: The skill declares no required env vars, credentials, or config paths. Its only runtime dependency is that some platforms provide CLAUDE_TOOL_OUTPUT for error detection — which is used but not forwarded. The number and type of environment accesses are proportionate to the purpose.
Persistence & Privilege
ok: always:false and user-invocable:true. The skill includes optional hook files and scripts that, if installed by the user, will persist under ~/.openclaw/ (expected for an OpenClaw hook). It does not demand forced/global inclusion or modify other skills' configs.