Skill v1.0.2

ClawScan security

Build a Software Development Team · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 27, 2026, 4:55 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's declared purpose (creating/configuring an OpenClaw agent-based dev team) matches its instructions and requirements; it is instruction-only, requests no secrets, and delegates credential handling to other dependency skills as described.
Guidance
This skill appears coherent and does what it says: it drafts project files and coordinates agent configuration while delegating real credential access to designated dependency skills. Before installing: 1) Verify and trust the openclaw-administrator, Asana, Git, and Email dependency skills (they will hold/use secrets). 2) Confirm you want this skill to trigger on the broad set of phrases listed (it may run anytime someone asks about team/setup). 3) Run initial setups in a staging/test OpenClaw environment so you can review the files it creates (~/.openclaw/projects/...), the agent configs it asks openclaw-administrator to write, and any Asana/Git wiring performed by dependency skills. 4) Monitor agent activity and audit the dependency skills' access to secret stores. If you need higher assurance, request the source or provenance for the dependency skills and review their code/config before enabling in production.

Review Dimensions

Purpose & Capability
ok
The skill's name/description align with what it does: create project folder structure, agent workspace files, workflows, and instruct the openclaw-administrator to create/configure agents. It does not request unrelated binaries, credentials, or access. Requiring the openclaw-administrator and Asana/Git/email dependency skills is coherent for this purpose.
Instruction Scope
note
The SKILL.md contains detailed, prescriptive instructions for creating files (project folders, USER.md, AGENTS.md, queue files, project-lock.json, etc.), setting agent heartbeat intervals (via openclaw-administrator), and routing operator/agent behavior. This is within the declared purpose. Two items to note: (1) the skill is written to trigger on a broad set of phrases (may run in many related conversations), and (2) it asks for env var NAMES to hand off to dependency skills (it claims not to read secret VALUES). Both behaviors are explainable by the skill's goal but are worth reviewing before enabling triggers widely.
Install Mechanism
ok
Instruction-only skill with no install spec, no code files, and no downloads — lowest install risk. Nothing is written to disk by an installer; the skill's runtime instructions direct writing operator-managed project files (expected).
Credentials
ok
The skill declares no required environment variables or credentials. It explicitly delegates secret handling to dependency skills (openclaw-administrator, Asana, Git, Email) and only collects env-var NAMES (labels) to tell those dependency skills which env var key to look up. This is proportionate for a coordinator/orchestration skill, but it means you must trust the dependency skills that actually access secret values.
Persistence & Privilege
ok
The skill is not marked 'always: true' and does not request long-term platform privileges. It instructs the openclaw-administrator to configure agents (which is expected for agent creation). Autonomous invocation (model invocation enabled) is default and appropriate for this kind of orchestration skill.