Skill v1.2.0
ClawScan security
Legal Guard · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 25, 2026, 5:37 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requests and instructions are consistent with its stated purpose (to stop autonomous signing and require explicit human approval), and it contains no code, installs, or unexpected credential requests.
- Guidance: This skill appears coherent and aligned with its stated purpose. Before installing: (1) confirm you trust the skill source (owner/publisher) because the skill will instruct your agent to intercept and present potentially sensitive contract contents; (2) verify your OpenClaw deployment actually implements the `/approve <id>` workflow the skill expects; (3) review how and where the agent will present executive summaries (the README mentions Telegram as an example) to ensure summaries aren't leaked to external channels you don't control; and (4) test the skill in a safe environment to confirm it halts signing flows and waits for the formal `/approve` command as documented.
Review Dimensions
- Purpose & Capability: ok. Name/description (preventing autonomous signing) align with the SKILL.md: there are no unrelated env vars, binaries, or installs requested and the actions described (intercept, summarize, require /approve) match the stated goal.
- Instruction Scope: ok. Runtime instructions stay within the stated scope: stop before signing, extract a concise executive summary of contract terms, surface expiry timers, require a specific `/approve` command, and record approval IDs. The instructions assume the agent has document/web-interaction capabilities (expected for a skill of this type) but do not ask for unrelated files, system paths, or credentials.
- Install Mechanism: ok. Instruction-only skill with no install spec or code files — nothing is downloaded or written to disk and no external packages are requested.
- Credentials: ok. No environment variables, credentials, or config paths are requested. The skill does not ask for unrelated secrets or elevated access.
- Persistence & Privilege: ok. Skill is not marked always:true and does not request persistent/system-wide configuration changes. It relies on the platform's normal approval flow (`/approve`), which is appropriate for its function.
