Skill v7.2.0

ClawScan security

Self-Check System v7 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 16, 2026, 8:48 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's high-level purpose (self-check/logging) generally matches its instructions, but there are unexplained external-sync steps, mandatory on-disk logging, and references to scripts/external relays that the package does not declare — those gaps are cause for caution.
Guidance
This skill mostly does what it says (enforce self-checks and write checkpoints), but it requires persistent disk writes and mentions an external 'Bitable relay' and a local kanban script that are not included or authorized by the package. Before installing, consider:
1) Do you trust the skill to store conversation-derived data at ~/.openclaw/... ?
2) Where is the Bitable relay (endpoint/auth) and what will be sent there?
3) Are the referenced scripts (kanban_update.py) present and trustworthy in your environment?
4) If you need privacy, run this in a sandboxed agent, or ask the maintainer to declare the external integration and required credentials, provide a data retention policy, and optionally remove the automatic disk writes.
If anything is unclear, treat this as untrusted until the author clarifies the external sync and provides a minimal, auditable implementation.

Review Dimensions

Purpose & Capability
note: The name/description (self-check, quality-control, checkpoint logging) aligns with instructions to perform multi-step checks and produce logs. However, the SKILL.md also requires cross-agent memory sync to a 'Bitable relay' and calls a local kanban script (python3 scripts/kanban_update.py) even though no binaries, scripts, or external integration configuration are declared. That mismatch is unexpected.
Instruction Scope
concern: The runtime instructions mandate creating and writing log files under the user's home (~/.openclaw/...), appending a behavior-tracker file, and enforcing machine and human checks before delivery. They also instruct syncing to a 'Bitable relay' and writing other agents' memory files. Those steps involve persistent local writes and potential outbound synchronization of user conversation data and inferred preferences; that behaviour goes beyond in-memory checks and could expose sensitive content. The instructions reference running a local script (kanban_update.py) and cross-agent handoffs that are not provided or scoped in the package.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no code files, so install risk is lowest. Nothing will be downloaded or installed by the registry package itself.
Credentials
concern: The skill declares no required environment variables or credentials, but its instructions imply integration with external services ('Bitable relay') and other agents (i7/Y7) and expect local scripts. The absence of declared credentials or endpoints is an incoherence: an external relay typically requires an endpoint and authentication. The skill also collects and persists 'user feedback' and 'inferred preferences', which are potentially sensitive, but no privacy/consent mechanism or storage policy is specified.
Persistence & Privilege
note: The skill does not request always:true or elevated platform privileges, but it mandates writing structured logs and behavior-tracking files into a specific path under the user's home. That persistence is significant (automatic disk writes on each task) and should be considered before enabling the skill. It does not, however, claim to change other skills' configs.
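As an added example (not part of the ClawScan verdict above, and not ClawHub's scanner code), the following Python script reproduces the incoherence checks that the Instruction Scope and Credentials dimensions describe: it compares what a SKILL.md tells the agent to do against what the package manifest declares, and reports scripts invoked but not shipped, persistent writes under the user's home directory, and external services named in the instructions while no credentials or endpoint are declared. The SKILL.md excerpt and manifest are constructed to resemble the findings on this page, not the real skill; the regexes, the `audit`/`verdict` helpers and the manifest keys (`files`, `env`, `endpoints`) are assumptions, not ClawHub's package format.

```python
"""Static pre-install check for an instruction-only agent skill (added example).

Mirrors the reasoning in the verdict above: an instruction file that invokes
scripts, writes to disk, or talks to an external service while the package
declares none of those things is internally incoherent and should be treated
as untrusted until the author declares them.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed SKILL.md excerpt loosely modelled on the findings above.
# It is NOT the real skill text.
SKILL_MD = """\
# Self-check
1. Before delivery run the machine checks and the human checks.
2. Append each checkpoint to ~/.openclaw/logs/self-check.jsonl
3. Append inferred preferences to ~/.openclaw/behavior-tracker.md
4. Update the board: python3 scripts/kanban_update.py --status done
5. Sync the checkpoint to the Bitable relay so agents i7/Y7 see it.
"""

# Constructed manifest for an instruction-only skill: no files, no env vars,
# no endpoints. The key names are an assumption, not ClawHub's schema.
MANIFEST = {"files": [], "env": [], "endpoints": []}

# An interpreter followed by a script path, e.g. "python3 scripts/x.py".
SCRIPT_RE = re.compile(r"\b(?:python3?|bash|sh|node)\s+(\S+\.(?:py|sh|js))\b")
# A write-like verb followed (on the same line) by a path under "~/".
HOME_WRITE_RE = re.compile(
    r"\b(?:write|append|create|log|store)\w*\b[^\n]*?(~/[\w./-]+)", re.I
)
# A sync-like verb followed by a named relay or a URL.
EXTERNAL_RE = re.compile(
    r"\b(?:sync|send|post|upload)\w*\b[^\n]*?\b(\w+ relay\b|https?://\S+)", re.I
)


@dataclass(frozen=True)
class Finding:
    category: str  # "undeclared_script" | "home_write" | "undeclared_external"
    evidence: str  # the fragment of the instruction that triggered the finding
    line: int      # 1-based line number in SKILL.md


def audit(skill_md: str, manifest: dict) -> list[Finding]:
    """Return every mismatch between the instructions and the declared package."""
    declared_files = set(manifest.get("files", []))
    # An external integration is only coherent if the package declares how it
    # authenticates or where it sends data.
    has_integration = bool(manifest.get("env")) or bool(manifest.get("endpoints"))
    findings: list[Finding] = []
    for lineno, line in enumerate(skill_md.splitlines(), 1):
        for m in SCRIPT_RE.finditer(line):
            if m.group(1) not in declared_files:
                findings.append(Finding("undeclared_script", m.group(1), lineno))
        for m in HOME_WRITE_RE.finditer(line):
            findings.append(Finding("home_write", m.group(1), lineno))
        for m in EXTERNAL_RE.finditer(line):
            if not has_integration:
                findings.append(Finding("undeclared_external", m.group(1), lineno))
    return findings


def verdict(findings: list[Finding]) -> str:
    """Collapse findings into a coarse label: suspicious, review, or ok."""
    categories = {f.category for f in findings}
    # Undeclared scripts or undeclared outbound sync are incoherences, not
    # just risks to weigh, so they dominate.
    if categories & {"undeclared_script", "undeclared_external"}:
        return "suspicious"
    if "home_write" in categories:
        return "review"  # persistent writes are declared-ish but still worth a look
    return "ok"


if __name__ == "__main__":
    results = audit(SKILL_MD, MANIFEST)
    for f in results:
        print(f"line {f.line}: {f.category}: {f.evidence}")
    print("verdict:", verdict(results))
```

The check is deliberately narrow: it only looks for the three mismatch types this verdict raises, and it treats a declared script path or a declared env var/endpoint as enough to clear the corresponding incoherence, which is what the Guidance asks the maintainer to provide. It says nothing about whether the relay or the script are themselves trustworthy; that still needs a human to read them.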