Skill v1.0.0
ClawScan security
Trigger Evaluator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 12, 2026, 8:50 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's stated purpose (read/evaluate trigger rules) roughly matches its behaviour, but it contains unexplained hardcoded paths, implicit dependencies (Docker/engine script) and runs an unreviewed production engine which could have side effects; these mismatches make the package suspicious.
- Guidance: This skill will run a production engine script from a hardcoded user workspace and run docker exec to query your DB container, but it does not declare those dependencies. Before installing:
  1. Review the actual engine script at /home/cmart/.openclaw/workspace/scripts/stale_missions_engine.sh to confirm it is safe and idempotent.
  2. Ensure you are comfortable granting the agent access to Docker (docker CLI and Docker daemon) and that the container name 'supabase-db' and DB credentials are correct for your environment.
  3. Prefer a version that documents required binaries/env vars (docker, path to engine) or that bundles a read-only inspect-only mode if you only want to view trigger definitions.
  If you cannot inspect the engine or do not want the agent to execute production scripts, do not install or run the evaluate command.
Review Dimensions
- Purpose & Capability (concern): The skill claims to 'wrap' the real stale_missions_engine and to inspect trigger rows, which aligns with its name. However, it hardcodes a workspace path (/home/cmart/.openclaw/workspace) and a production engine path rather than declaring that it requires access to that workspace or the engine. It also assumes a specific Docker container name and DB credentials. Those hardcoded assumptions are not proportional to the stated, narrow purpose and reduce transparency.
- Instruction Scope (concern): The evaluate command execs the production engine script directly (exec "$ENGINE"). That script is not bundled here; running it may read other files, mutate the database, send alerts, or perform network operations beyond simple evaluation. The SKILL.md describes only 'evaluate' and 'inspect' but does not warn that the engine may have side effects. The inspect command runs docker exec psql to read the trigger rule row, which matches the described inspect purpose.
- Install Mechanism (ok): This is an instruction-only skill with no install spec, so nothing will be written to disk by an installer. That is the lower-risk option for installation mechanism.
- Credentials (concern): The skill declares no required environment variables or binaries, but the script implicitly requires: access to /home/cmart/.openclaw/workspace, an executable engine at that path, and the docker CLI plus permission to talk to the Docker daemon (to run docker exec against 'supabase-db'). It also hardcodes DB_USER/DB_NAME and a container name. These implicit privileges and hardcoded credentials are disproportionate and undocumented.
- Persistence & Privilege (note): The skill does not request 'always: true' and is user-invocable only. Autonomous invocation is allowed (platform default). Coupled with the ability to exec a production engine script, this gives the skill potential to perform impactful actions if run autonomously; this is not a direct configuration flag but an operational risk to consider.
