v1.0.6

Claw Reliability

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:58 AM.

Analysis

The skill is coherent for agent observability, but it handles local agent transcript data and can send optional webhook alerts, so users should understand those data flows before enabling it.

Guidance: This appears suitable for its stated observability purpose. Before installing, be aware that it reads OpenClaw session transcripts, keeps a local SQLite metrics database and alert log, runs a local dashboard, and may send alert summaries to external webhooks if you configure them. Use trusted webhook destinations and protect the local data files.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low. Confidence: High. Status: Note.
dashboard/frontend/index.html
<script src="https://cdnjs.cloudflare.com/ajax/libs/react/18.2.0/umd/react.production.min.js"></script> ... <script src="https://cdnjs.cloudflare.com/ajax/libs/babel-standalone/7.23.9/babel.min.js"></script>

The dashboard loads browser JavaScript from public CDNs, which is purpose-aligned for a web UI but adds third-party supply-chain dependence.

User impact: Opening the dashboard depends on external CDN resources, which may be undesirable in air-gapped or high-security environments.
Recommendation: For sensitive deployments, vendor these assets locally or add integrity/pinning controls, and install Python dependencies from trusted, pinned sources.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low. Confidence: High. Status: Note.
scripts/monitor.py
cfg.setdefault("alert_destinations", {})["discord"] = {"enabled": True, "webhook_url": args.webhook_url}

The optional Discord webhook URL is stored in the skill configuration and gives the skill delegated ability to post alerts to that Discord destination.

User impact: Anyone with access to the config file may be able to see or reuse the webhook URL, and the skill can post to the configured channel.
Recommendation: Treat webhook URLs as credentials, keep config.yaml private, rotate the webhook if exposed, and remove it when alerts are no longer needed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium. Confidence: High. Status: Note.
SKILL.md
This skill reads OpenClaw gateway events and session transcripts to extract: ... Tool invocations ... arguments ... All data is stored in a local SQLite database at `{baseDir}/data/metrics.db`.

The skill intentionally collects and persists agent transcript-derived data, including tool arguments, which may contain sensitive context even though the storage is local and purpose-aligned.

User impact: Local metrics may include sensitive tool names, arguments, errors, paths, session IDs, token usage, and cost data.
Recommendation: Use it only on trusted machines, protect or periodically delete data/metrics.db and alert logs, and avoid enabling it for sessions that may contain secrets unless you are comfortable with local retention.

Insecure Inter-Agent Communication
Severity: Low. Confidence: High. Status: Note.
scripts/alerts/discord_alerter.py
req = urllib.request.Request(self.webhook_url, data=data, headers={"Content-Type": "application/json", "User-Agent": "claw-reliability/1.0"}, method="POST")

When the user configures a webhook, alert data is sent to that external endpoint; this is disclosed and sanitized, but the webhook becomes a data boundary.

User impact: A configured Discord or other webhook can receive alert messages derived from local agent activity, including sanitized error snippets or operational metadata.
Recommendation: Only use trusted webhook URLs, assume the destination can read alert content, and review alert details before enabling external notifications in sensitive environments.