Skillv1.0.0

ClawScan security

Fanta Autoresearch · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 24, 2026, 2:29 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's files, instructions, and script are consistent with an autonomous iterative optimization tool, but it explicitly runs arbitrary verification/exec commands (via shell) and can spawn subagents/background processes — so only use with trusted commands and limited scope.
Guidance: This skill appears to do what it says: automate iterative experiments. It does, however, assume it can run arbitrary verification and background commands. Before installing/using it: - Only supply trusted verification commands (the verify argument is executed via the shell). Avoid passing untrusted strings that could execute unintended shell actions. - If you intend to run autonomous subagents or background execs, constrain their scope (limit modified file paths, use a sandbox or ephemeral environment, set resource/time limits). - Review and, if needed, modify scripts to avoid shell=True style execution or to use safer argument lists to reduce injection risk. - Check where logs are written (default: autoresearch-log.tsv) and ensure sensitive data is not captured there. - Don't grant additional credentials or environment variables to this skill unless you understand and approve each use case (the skill itself does not request any). If you want extra assurance, run the Python script in a controlled environment first and/or have a developer replace subprocess.run(..., shell=True) with a safer invocation that passes args without shell expansion.

Review Dimensions

Purpose & Capability: okName/description (autonomous iterative optimization) match the provided SKILL.md, reference docs, and the included Python helper. Requested resources (none) are consistent with an instruction-only/tooling skill for running iterations and verification commands.
Instruction Scope: noteSKILL.md instructs agents to run verification commands, spawn subagents (sessions_spawn), and use exec with background continuation. Those are coherent for long-running optimization loops, but they grant the skill the ability to run arbitrary shell commands and persistent tasks — the instructions also reference modifying files (e.g., ~/.openclaw/workspace/MEMORY.md, openclaw.json) which fits the stated scope but should be explicitly limited by the user when running autonomously.
Install Mechanism: okNo install spec; skill is instruction + a small Python script. Nothing is downloaded or written by an installer during install, which reduces supply-chain risk.
Credentials: okSkill declares no environment variables, no credentials, and no unusual config paths. The files and commands referenced (openclaw cron, local workspace files, common test/build tools) are appropriate for the described purpose.
Persistence & Privilege: okalways:false and default autonomous invocation are set. The skill does not request permanent inclusion or elevated platform privileges. It can spawn background processes per SKILL.md, which is expected for long-running loops but increases runtime blast radius if misused.