Skill v0.1.8
ClawScan security
Openclaw Aicfo Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Apr 25, 2026, 9:07 AM)
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent with its stated purpose: it uses a single AICFO bearer key and a local Node adapter to call AICFO APIs and connector actions, and it does not request unrelated credentials or install arbitrary software.
- Guidance
- This package appears to do what it says: it runs a local Node adapter and needs only an AICFO API key. Before installing, confirm the AICFO_API_KEY you provide is scoped with least privilege (avoid broad write/delete scopes unless required), verify the adapter source if you want extra assurance (bin/openclaw-aicfo-adapter.mjs is included), and be aware that invoking connector actions will cause the AICFO backend to interact with external services (e.g., Google Drive, Telegram) so review those connector permissions separately. If you need higher assurance, run the adapter commands (session, tools, a read-only company operation) in a controlled environment to inspect responses and behaviour before granting broader access.
Review Dimensions
- Purpose & Capability
- ok: Name/description, declared primary credential (AICFO_API_KEY), and provided operations (session, companies, connectors, documents, file/entity reads) align with the included Node adapter and the documented REST surfaces. Requiring Node and one bearer API key is proportionate to the described functionality.
- Instruction Scope
- note: SKILL.md instructs the agent to run the included bin/openclaw-aicfo-adapter.mjs and to prefer session introspection and company-scoped operations. Guardrails in the docs limit misuse (e.g., check scopes before connector or document-write actions). The adapter and docs mention connector actions (Telegram, Google Drive) which trigger provider actions via AICFO; this is expected but increases data-access scope because the backend connectors may interact with external services.
- Install Mechanism
- ok: No install spec is present; the skill is instruction-plus-local-script only. That is low risk because nothing is downloaded or extracted at install time. The adapter is run with the system Node binary as expected.
- Credentials
- note: The skill requires a single primary credential (AICFO_API_KEY), which is appropriate. The adapter also supports optional env vars (AICFO_APP_URL, AICFO_COMPANY_ID) mentioned in docs but not listed as required; this is reasonable but worth noting so users understand additional envs may be read at runtime.
- Persistence & Privilege
- ok: The skill does not request always:true and is user-invocable with normal autonomous invocation settings. It does not attempt to modify other skills or system-wide configs.
