Skill v1.0.0
ClawScan security
yan-watchman · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Mar 7, 2026, 12:07 PM
- Verdict: Review
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill claims to be a Rust multi-platform watchdog but is instruction-only and asks the agent to create and build source files that are not present and to operate across external platforms without any credentials — the pieces don't add up.
- Guidance: Do not run the SKILL.md commands on a production machine. The package contains only the instruction file but tells the agent to create and build a Rust project that does not exist here and to 'publish' it; that's an incoherence. Before installing, ask the publisher for: (1) a source repository or release artifact (GitHub/official host) containing the claimed Rust source or a prebuilt binary, (2) clear explanations of what credentials (Discord/Feishu tokens) the skill needs and why, and (3) a reproducible install spec (preferred: a signed release or well-known package). If you must test, do so in a sandboxed VM or container, inspect any files the skill would create, and avoid providing sensitive tokens until you can review source code and provenance.
Review Dimensions
- Purpose & Capability (concern): The SKILL.md repeatedly describes a Rust project (Cargo.toml, src/, SQLite storage, tokio) and lists rust/cargo/sqlite3 as requirements, but the registry metadata shows no required binaries, no source repo, and the package contains only SKILL.md. A Rust-based multi-platform monitor would reasonably require source files or a binary plus API credentials for monitored platforms; those are missing.
- Instruction Scope (concern): Runtime instructions tell the agent to create a full project tree, run `cargo build --release`, copy src/config/README, and write a new SKILL.md to a publish directory. However, the package contains no source files to copy or build. The instructions also claim multi-platform monitoring (Discord/Feishu/WebChat) but do not direct the agent to obtain or use any platform credentials, nor do they justify reading other system files — this is scope-incoherent.
- Install Mechanism (note): There is no declared install spec (the skill is instruction-only). The SKILL.md expects a local build with cargo; that implies installing/using a developer toolchain, but no source is included. While no external download URL is present (lower install risk), the build instructions as provided are inconsistent with the actual package contents.
- Credentials (concern): The skill claims to monitor external chat platforms but requires no API keys, tokens, or config paths in the registry metadata. The SKILL.md's internal YAML mentions rust/cargo/sqlite3 but the registry lists none. Requesting no credentials for a multi-platform monitor is disproportionate and unexplained.
- Persistence & Privilege (ok): The skill does not request always:true, does not declare system-wide modifications, and its instructions operate within ~/.openclaw/workspace/skills, which is the skill area. That said, the instructions will write files and run builds in the user's home workspace — actions that should be run only with explicit consent and in an appropriate environment.
