ClawHub
Back to skill
v1.0.0

Greg Eisenberg

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:48 AM.

Analysis

This is an instruction-only brainstorming/style skill with no code or requested credentials, though its reference notes discuss high-trust agent setup practices users should apply carefully.

GuidanceThis skill appears safe to install as an instruction-only ideation/style aid. Treat its OpenClaw and Claude Code setup references as educational notes, not defaults to enable blindly. Be especially careful with browser session access, persistent memory, heartbeat automation, and any mode that skips confirmations.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
references/claude-code-course.md
**Dangerously skip permissions mode** — bypasses confirmation prompts (use with caution)

The reference material mentions a mode that reduces user confirmation prompts. It is clearly labeled with caution and is part of Claude Code workflow notes, not an instruction for this skill to enable it automatically.

User impactIf a user follows this advice outside the skill, an agent could perform actions with fewer confirmations.
RecommendationKeep confirmation prompts enabled for file changes, deployments, account actions, payments, and public posting unless you have a tightly scoped, reversible workflow.
Rogue Agents
SeverityLowConfidenceHighStatusNote
references/openclaw-setup.md
**Cron health check** — monitors if cron jobs failed and re-triggers them ... Keep heartbeat instructions lean — it runs constantly

The reference describes long-running heartbeat/cron automation. This is relevant to OpenClaw automation guidance and not implemented by the skill, but it is persistent behavior users should scope carefully.

User impactIf implemented broadly, automated background tasks could continue acting after the user stops actively supervising them.
RecommendationUse explicit schedules, logging, allowlists, and manual approval for high-impact background actions.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusNote
references/openclaw-setup.md
**Chrome Relay** — Chrome extension on your main browser, lets OpenClaw take over your existing logged-in sessions. Less recommended

The reference discusses browser/session delegation, which is high-trust account access. It also says this method is less recommended and later advises dedicated agent-owned accounts, so this is a cautionary note rather than hidden credential use.

User impactUsing a main logged-in browser session could let an agent act inside personal accounts.
RecommendationPrefer separate browser profiles and dedicated agent-owned accounts with least privilege; avoid giving agents access to personal logged-in sessions.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
references/openclaw-setup.md
`memory.md` doesn't exist by default — you need to tell OpenClaw to create it ... Add memory autosave to heartbeat — every 30 minutes, save current session to memory

The reference recommends persistent memory and periodic autosave, which can retain user context across sessions. The skill itself does not implement storage, but this is sensitive setup advice users should understand.

User impactPrivate preferences, work logs, or task details could be stored and reused later if the user implements this setup.
RecommendationReview memory files regularly, avoid saving secrets or sensitive personal data, and disable or narrow autosave for sensitive workflows.