Skill v1.0.0
ClawScan security
Survival Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict: Suspicious · Feb 28, 2026, 10:49 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: Skill mostly fits its stated local “survival manager” purpose, but there are inconsistencies (Telegram notifications, model usage, and Windows-only scripts) that are unexplained and worth clarifying before install.
- Guidance: This skill is plausible for local financial/agent management but has a few unclear points you should verify before installing:
  - Telegram & notifications: SKILL.md mentions Telegram notifications but the skill does not declare or request any Telegram API token or explain how the 'message' tool is configured. Ask the author how notifications are delivered and where credentials are stored; do not provide tokens unless you trust the integration.
  - Model invocation & costs: The skill references qwen3.5-* models and per-call costs. Confirm whether model calls go through your OpenClaw account (and billing) or require external API keys. Understand and accept potential usage costs before enabling autonomous behavior.
  - File writes and authorization flow: The scripts will write and update local files (finance logs, survival-config.json, authorization-pending.md). Ensure these files and their paths are acceptable and that the authorization flow actually pauses high-risk operations the way you expect.
  - OS mismatch: Provided scripts are PowerShell (.ps1) but the skill has no OS restriction. If you run on non-Windows hosts, verify compatibility or convert scripts.
  - Test in a sandbox: Run the skill in an isolated environment first to confirm where network calls go, what files are created/modified, and how notifications are sent. Inspect survival-config.json and scripts line-by-line.

  If the author can clarify how Telegram and model invocations are configured (what credentials are needed and where they are stored), and if you confirm the skill will not receive or require hidden secrets, the inconsistencies become minor. Without that clarification, proceed cautiously.
Review Dimensions
- Purpose & Capability (note): The skill's name and description (manage funds, heartbeats, authorization queue) align with the provided instructions and PowerShell scripts: balance checks, logging income/expenses, authorization flow, and subagent coordination. However, SKILL.md asserts 'no external endpoints' while also describing Telegram notifications and invoking external models (qwen3.5 variants) via OpenClaw—these require external connectivity/credentials or platform-level services and are not declared. Additionally, all runtime scripts are PowerShell (Windows-oriented) but the skill metadata has no OS restriction—an operational mismatch.
- Instruction Scope (note): Instructions stay mostly within the declared scope: local file reads/writes (with writes requiring authorization), periodic checks, and creating authorization requests. The doc also allows network searches, browser snapshots, and model invocations; those are described as optional or platform-provided, but the skill instructs sending Telegram notifications via a 'message tool' without showing how that tool is configured. The authorization flow and file paths are explicit, which is good; the vague references to external notifications and model calls grant the agent broader runtime capabilities unless the host constrains them.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files beyond plain PowerShell scripts and markdown. No downloads or archive extraction are present, which lowers installation risk.
- Credentials (concern): The skill declares no required environment variables or credentials, yet it references Telegram notifications and external model invocation (qwen3.5-*). Those integrations typically require API keys or platform-managed credentials. The absence of declared env vars or guidance for configuring notification credentials is an inconsistency that could hide required secrets or rely on implicit platform plumbing.
- Persistence & Privilege (ok): always:false (normal). Skill does not request to force-enable itself or change other skills. It writes to its own local files (authorization-pending.md, finance logs, survival-config.json) when authorized—this is expected for its purpose.
