Skill v1.0.0

ClawScan security

Self-Upgrade (Tianyi) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 28, 2026, 10:51 PM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's requested actions (reading/modifying OpenClaw config, creating backups, running built-in upgrade/diagnostic commands) align with its self-upgrade purpose, but it manipulates local credentials in config and contains a hard-coded workspace path that merit review before use.
Guidance
Guidance: This skill is coherent with a self-upgrade tool, but review it before installing: (1) Inspect the full script to confirm it does not transmit tokens off-machine or log sensitive values. (2) Confirm that migrating authToken fields is intended; back up current configs and verify that rollback works. (3) Remove or parameterize the hard-coded skillsPath (D:\workspace\openclaw_ceo\skills) to avoid touching unrelated directories. (4) Understand what openclaw doctor --fix does on your system (run it in DryRun first). (5) Prefer to require explicit user confirmation for medium/high-risk steps and restrict autonomous invocation for those operations. If you cannot review the script or do not trust it to handle secrets safely, do not enable automatic mode.

Review Dimensions

Purpose & Capability
ok · Name/description (self-upgrade, config migration, backups, diagnostics) match the instructions: reading ~/.openclaw/openclaw.json, migrating fields, creating backups, and running openclaw doctor and npm checks are expected for an upgrade helper.
Instruction Scope
note · Instructions explicitly read and overwrite the OpenClaw config, migrate authToken → auth.token, create backups, and run openclaw doctor --fix. These are within upgrade scope, but any operation that touches authentication fields warrants careful review and explicit authorization; the skill does not show safeguards for avoiding accidental exposure of secrets beyond prohibiting unauthorized API key changes.
Install Mechanism
ok · Instruction-only skill with no install spec or external downloads — lowest install risk. No code files to execute were bundled by the registry.
Credentials
note · The skill requests no environment variables or external credentials, which is appropriate. However, it reads and writes the local OpenClaw config, which may contain API tokens/credentials; this is proportionate for a migration tool but increases sensitivity and should be justified/authorized by the user.
Persistence & Privilege
ok · always is false and the skill is user-invocable. The ability to modify local configuration is expected for an upgrade tool; autonomous invocation is permitted by platform defaults — combine it with user confirmation for non-low-risk steps, as the SKILL.md recommends.