Eason Skill Vetting

Audited by ClawScan on May 10, 2026.

Overview

Prompt-injection indicators were detected in the submitted artifacts (ignore-previous-instructions); human review is required before treating this skill as clean.

This skill is reasonable as a conservative vetting checklist and regex scanner. Before installing, confirm the owner/version mismatch is expected, verify the scanner path, and remember that regex findings should prompt careful review rather than automatic conclusions. ClawScan detected prompt-injection indicators (ignore-previous-instructions), so this skill requires review even though the model response was benign.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user may run local commands against third-party code while evaluating a skill.

Why it was flagged

The documented workflow downloads and unpacks third-party skill archives, then runs this skill’s local Python scanner. This is central to the stated vetting purpose and user-directed, but it is still local command execution on untrusted packages.

Skill content

curl -L -o skill.zip "https://clawhub.ai/api/v1/download?slug=SLUG" ... unzip -q ../skill.zip ... python3 ~/.openclaw/workspace/skills/skill-vetting/scripts/scan.py .

Recommendation

Run the workflow only in a temporary directory, inspect the scanner source/path first, and avoid executing any downloaded skill code during review.

What this means

The agent may become overly rigid and reject useful or benign skills that contain educational examples or false-positive patterns.

Why it was flagged

The skill intentionally instructs reviewers to treat regex scanner findings very conservatively. That is security-aligned, but it can overstate scanner certainty and may cause false rejections if not interpreted in context.

Skill content

NEVER downgrade scanner findings ... Scanner findings are ground truth ... If the scanner flags `prompt_injection` ... the skill is automatically rejected.

Recommendation

Use the scanner as a triage tool and require contextual human review before making final install decisions.

What this means

A user may be uncertain whether the reviewed package exactly matches the registry entry they intended to install.

Why it was flagged

The bundled metadata differs from the supplied registry metadata for this review, which lists a different owner ID and version 1.0.0. This is a provenance/package-consistency issue, not evidence of malicious behavior by itself.

Skill content

"ownerId": "kn778te5jwecfa9xksxf8cmgh980d6s8", "version": "1.1.0"

Recommendation

Verify the intended slug, owner, version, and installed path before relying on the skill.