Skillv1.0.0

ClawScan security

security-skiil-scanner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 4, 2026, 5:39 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions and required tools generally match a vetting purpose, but metadata inconsistencies (name/slug/owner mismatches) and an undeclared dependency on the 'clawhub' CLI are concerning and warrant manual review before installing.
Guidance: This skill mostly looks like a legitimate vetting checklist and quick-commands guide, but there are red flags that justify caution: - Metadata mismatches: the registry name/slug/owner differ from SKILL.md/_meta.json/README. That could be a packaging mistake or an attempt to masquerade as another skill — verify the correct author and slug before installing. - Undeclared dependency: the docs call 'clawhub install' but 'clawhub' is not listed in required binaries. Ensure you have the expected CLI tools and understand what the script will run. - Scope: the vetter tells the agent to download and 'cat' all files in a repo; that will expose any secrets embedded in the package being inspected. That is expected for vetting, but you should not run it against packages you don't trust or that might contain sensitive files. Recommended actions before installing: 1) Manually verify the skill’s source (author account, repo URL, ClawHub verified badge). Confirm ownerId/slug match the publisher. 2) Run the vetting commands yourself in a controlled environment (container or VM) rather than allowing an agent to run them autonomously. 3) Add 'clawhub' to your checklist of prerequisites if you plan to follow the SKILL.md instructions, or modify the instructions to use only declared tools. 4) If you need high assurance, refuse installation until the metadata inconsistencies are resolved and the publisher identity is confirmed.

Review Dimensions

Purpose & Capability: noteThe SKILL.md describes a vetting tool that needs network checks (GitHub/ClawHub) and text inspection; requiring curl and jq is consistent. However there are incoherences: the registry lists this package as 'security-skiil-scanner' while SKILL.md and README call it 'skill-vetter' / 'openclaw-skill-vetter'; _meta.json slug/ownerId differ from the registry metadata. The README/SKILL.md also instructs use of the 'clawhub' CLI but 'clawhub' is not declared in required binaries.
Instruction Scope: noteInstructions explicitly direct the agent to download repos, list and cat all skill files, and call GitHub APIs — actions that are appropriate for a vetting tool. This scope is broad (it tells the agent to 'read ALL files' in a fetched package), which is expected for vetting but will reveal any secrets embedded in the inspected repo. The instructions do not request secrets or system credentials, but they do instruct network access to GitHub/ClawHub domains.
Install Mechanism: okNo install spec (instruction-only), so nothing is written to disk by an installer. This is the lowest-risk install model and matches the skill being a guidance/protocol document.
Credentials: okThe skill requests no environment variables or credentials (primaryEnv none). That is proportionate to a vetting/protocol skill. It will, however, instruct network calls which are necessary for its checks.
Persistence & Privilege: okalways:false and default model invocation are in place. The skill does not request permanent elevated privileges or to modify other skills' config. Autonomous invocation is allowed by default (not flagged here) but combine with other concerns when deciding to allow autonomous runs.