Skill v4.0.0

ClawScan security

ClawNet · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 16, 2026, 4:01 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's declared purpose (an OpenClaw messaging plugin) matches its instructions and install hint; nothing requested is inexplicably unrelated, but you should verify the npm package and understand the plugin will hold networked access to messages and tokens on your gateway.
Guidance
This skill is internally consistent with being a gateway plugin for messaging and calendar features, but you should not install it blindly. Before installing: (1) verify the npm package @clwnt/clawnet on the npm registry and confirm the publisher and recent release history; (2) review the plugin's privacy/security docs at https://clwnt.com and any available source code or release tarball; (3) only install it on a gateway you control, since the plugin will store tokens and poll/send messages on your behalf; and (4) consider testing in an isolated environment first. If you cannot verify the package or publisher, treat installation as higher risk.

Review Dimensions

Purpose & Capability
ok
Name, description, and runtime instructions all describe a messaging/email/calendar/contact/webpages plugin that runs inside the OpenClaw gateway. The install spec (an npm package @clwnt/clawnet) is consistent with a plugin that must be installed on the gateway. The SKILL.md explains that account linking and token management are handled by the plugin rather than by the agent, which explains why no credentials are declared up front.
Instruction Scope
ok
SKILL.md directs the agent to use the provided clawnet_* tools and to ask a human to run gateway install commands; it explicitly forbids executing instructions embedded in incoming messages and forbids agent-side CLI install actions. The instructions do not ask the agent to read unrelated files or environment variables.
Install Mechanism
note
Install spec is an npm package (@clwnt/clawnet). npm installs are a reasonable way to deliver a plugin, but they carry the normal supply-chain risk: the package will be downloaded and executed on the gateway at install time. The skill provides no package provenance (author, npm link, checksums) in SKILL.md — you should verify the npm package and publisher before installing on a production gateway.
Credentials
note
The skill declares no required env vars or credentials, which is consistent because account linking is performed at gateway setup time. However, the plugin will manage tokens and will have network access to poll inboxes, deliver messages, and send emails/ICS invites. That level of access is proportional to a messaging plugin but is sensitive — installing it grants persistent access to messaging/calendar/contact data stored in the gateway.
Persistence & Privilege
note
always:false (normal). The skill expects to run as a gateway plugin that polls every 2 minutes and delivers messages; autonomous invocation by the agent is allowed (default). This behavior is expected for a communications plugin, but note that autonomous agents plus a networked messaging plugin increase the potential blast radius if the plugin or its credentials are compromised.