ClawHub
Back to skill
v0.1.2

AOI Sandbox Shield (Lite)

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:42 AM.

Analysis

This appears to be a local snapshot and JSON-validation helper with no network or apply actions, though it can leave local copies of OpenClaw config and memory files.

GuidanceThis skill is reasonable for local audit snapshots and JSON config validation. Before using it, remember that snapshots are persistent local copies of OpenClaw config and memory/state files; inspect them before sharing and clean them up when no longer needed.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
metadata
Source: unknown; Homepage: none

The registry metadata does not provide an independent source repository or homepage for provenance review. The bundled package has no dependencies or install script, so this is a notice rather than a concern.

User impactUsers have less external provenance context for the package, even though the included files are small and self-contained.
RecommendationReview the bundled SKILL.md and skill.js before installing, and prefer a publisher/source link for future releases.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
skill.js
const snapRoot = path.join(workspace, '.sandbox_snapshots_lite'); ... path.join(workspace, 'CURRENT_STATE.md'), path.join(workspace, 'MEMORY.md') ... fs.copyFileSync(p, path.join(dir, base));

The snapshot command copies local agent state and memory/context files into a persistent snapshot directory. This is aligned with the snapshot purpose, but it duplicates potentially private local context.

User impactPrivate OpenClaw configuration, state, or memory content may remain in local snapshot folders and could be exposed if those folders are shared or attached to release artifacts without review.
RecommendationUse the snapshot command only when needed, review snapshot contents before sharing, and delete or rotate old snapshots if they contain sensitive context.