Skillv1.0.4

ClawScan security

auto-drive · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 27, 2026, 6:14 PM

Verdict: Benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code, required binaries, and requested API key line up with its stated purpose (permanent storage and chain-based memory on the Autonomys Auto‑Drive service), but there are a few operational/visibility concerns you should be aware of before installing.
Guidance: This skill appears coherent and implements what it claims, but consider the following before installing: - Permanence risk: Anything you upload becomes content‑addressed and is intended to be permanent/immutable. Do not upload secrets, credentials, private keys, or sensitive PII you would later want removed. - API key handling: The setup scripts will store your AUTO_DRIVE_API_KEY under ~/.openclaw/openclaw.json and ~/.openclaw/.env (files created with chmod 600). Create a dedicated, limited-scope API key if possible and rotate/revoke it if compromised. - Visibility of source: The package has no homepage and the source is listed as unknown. While the code here is readable and consistent, you should be comfortable trusting this repository before giving it long-lived credentials. - Operational notes: The setup flow opens the Auto‑Drive dashboard and requires the user to paste an API key — the agent cannot complete OAuth on its own. The skill also updates a local state file and optionally writes a MEMORY.md entry in your workspace. - Best practices: Review the AD_API_BASE and gateway domains referenced in _lib.sh to ensure they match the expected service; keep backups of your lastCid if you rely on resurrection; restrict what you store (avoid secrets), and remove the key and skill if you no longer need permanent storage. If you trust the Autonomys service and the author, the skill is proportionate to its purpose; if you are uncertain about the unknown source, consider requesting a homepage/repository or using a vetted official SDK instead.

Review Dimensions

Purpose & Capability: okName/description claim permanent storage on Autonomys and the files/scripts implement upload/download, save-memory, and chain-resurrection using the Autonomys Auto‑Drive APIs. Required binaries (curl, jq, file) and the single required env var (AUTO_DRIVE_API_KEY) are exactly what this functionality needs.
Instruction Scope: noteRuntime instructions and scripts are narrowly scoped to the declared purpose: they create/upload files, download by CID, build/trace a linked list of JSON experiences, and update a local state file and optional MEMORY.md. Scripts validate CIDs and restrict output/state paths to the user home directory. The setup script opens the Auto‑Drive dashboard and asks the user to paste an API key (it correctly notes OAuth cannot be completed by the agent). Note: the SKILL.md wording 'take over' may be ambiguous — the agent must not attempt to complete OAuth flows itself; user interaction is required.
Install Mechanism: okInstall spec only references brew formulas for curl, jq, and file — common, well-known packages. No external arbitrary downloads, no archives/extract steps. Low install risk.
Credentials: okThe skill requests a single credential (AUTO_DRIVE_API_KEY) and treats it as the primary credential. It stores the key in ~/.openclaw/openclaw.json and ~/.openclaw/.env (files are created with restrictive permissions). Optional environment variables (OPENCLAW_WORKSPACE, AGENT_NAME) are referenced but not required. No unrelated credentials or broad secret access are requested.
Persistence & Privilege: okThe skill does not request always:true and is user-invocable; it writes its own config and state under the user's ~/.openclaw directory (it merges into openclaw.json rather than clobbering other skill settings when present). It does not modify other skills' configs beyond enabling itself in the local openclaw.json entry.