Skill v1.0.0
ClawScan security
Reaction Processor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict: Suspicious (Mar 12, 2026, 9:35 AM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's behavior (running docker exec + SQL that writes event/reaction rows) is consistent with its stated purpose, but it has small but important incoherences and privilege implications that you should review before installing.
- Guidance: This script appears to do what it says (recording trigger events/reactions), but review the following before installing or running:
  1. It runs docker exec into a container named 'supabase-db' and runs psql there — ensure you trust the runtime environment and that the agent is not given unnecessary Docker daemon access.
  2. The DB container name, postgres user, database name, and AGENT_ID are hardcoded; consider requiring these as explicit config/env vars and avoid running on production without a backup.
  3. Inspect the SQL to confirm you are comfortable with the inserts/updates to public.openclaw_* tables.
  4. If you want least privilege, run the script in a test environment first or adapt it to use a less-privileged DB user and to accept connection details via environment variables rather than hardcoded values.
Review Dimensions
- Purpose & Capability (note): Name/description claim to record events/reactions for stale_missions_alert and the included script performs exactly that (inserting into public.openclaw_agent_events and public.openclaw_agent_reactions, updating public.openclaw_trigger_rules). Functionality matches the stated purpose.
- Instruction Scope (ok): SKILL.md and the script are narrowly scoped to the stale_missions_alert flow and only run SQL against public.openclaw_* tables. Nothing in the instructions attempts to read unrelated files or call external endpoints.
- Install Mechanism (ok): This is an instruction-only skill with no install spec — no packages or remote downloads are performed by the skill itself.
- Credentials (note): The skill declares no required env vars or credentials, but the script assumes availability of Docker and a specific container named 'supabase-db' and a postgres user/db. Those runtime dependencies are not listed, and AGENT_ID and DB container are hardcoded rather than supplied via config.
- Persistence & Privilege (concern): Running the script requires the agent runner to be able to execute 'docker exec' (access to the Docker daemon), which is a high privilege. The script performs writes/updates to the database, so running it grants the skill the ability to mutate your DB state.
