Skill v1.0.1

ClawScan security

Workspace Files · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 10, 2026, 6:30 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and instructions are consistent with its stated purpose (safe text-file operations confined to a workspace directory); nothing requests unrelated credentials or network access.
Guidance
This skill appears to do exactly what it says: list, read, write, and search text files inside a sandbox. Before installing, confirm the hardcoded SANDBOX_ROOT (/home/cmart/.openclaw/workspace) is the intended workspace on your agent — if your agent uses a different home or user, the path may not exist or could point to another user's files. The script uses realpath to canonicalize and rejects paths that resolve outside the sandbox, which prevents typical path-traversal escapes; still, review whether you want an agent able to write files under that directory. No credentials or network access are requested.

Review Dimensions

Purpose & Capability
ok: Name/description promise file operations inside a workspace sandbox and the included script implements list, read, write, and search operations restricted to a single sandbox root. Required resources (none) match the described functionality.
Instruction Scope
ok: SKILL.md instructs the agent to operate only on relative paths inside the workspace, and the script enforces that by resolving paths and rejecting anything that canonicalizes outside the SANDBOX_ROOT. The commands do not access environment variables, network endpoints, or other system paths.
Install Mechanism
ok: No install spec; the skill is instruction-only with a bundled shell script. Nothing is downloaded or installed from external sources.
Credentials
ok: The skill declares no environment variables, credentials, or config paths. It operates only on the hardcoded sandbox path and does not request secrets or unrelated access.
Persistence & Privilege
ok: always is false and the skill does not modify other skills or system-wide configuration. It reads and writes only inside the declared sandbox path.