Skill v1.0.1

ClawScan security

hi-light Ear Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 9, 2026, 11:30 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
This skill appears to do what it says—wrap a user-driven setup flow to install and configure the HiLight OpenClaw plugin—but it will run OpenClaw CLI commands (including installing a plugin) and write the provided API key into your OpenClaw config, so review and consent are required before use.
Guidance
Plain-language checklist before installing:
1) Confirm you trust the plugin author (@art_style666/hi-light), because the openclaw CLI will download and install that plugin.
2) Be aware the script will store your HiLight API key in your OpenClaw config (channels["hi-light"].authToken); verify where OpenClaw keeps that file and that its file permissions are appropriate.
3) The skill bundle did not declare required binaries, but the script requires the 'openclaw' and 'node' commands; ensure those are installed.
4) Use --dry-run first to preview changes, and --skip-install if you only want to rotate credentials.
5) The default allowFrom value is ['*'] (potentially permissive); if you need tighter restrictions, provide a more restrictive --allow-from value.
6) If you want a non-default websocket endpoint, provide --ws-url; otherwise the script uses the default wss://open.guangfan.com/....
7) If you have concerns about where the API key will be stored or who can read it, do not proceed until you inspect OpenClaw's config storage and permissions.
8) If anything looks unexpected in the plugin source or the openclaw install process, stop and audit the plugin before continuing.

Review Dimensions

Purpose & Capability
Rating: note
Name/description match the actual behavior: the skill collects an API key, installs @art_style666/hi-light via the openclaw CLI, writes channels["hi-light"] entries, validates config, and restarts the gateway. Small inconsistency: the registry metadata lists no required binaries, but the included script requires the 'openclaw' and 'node' commands (it checks for them at runtime). This is expected for the purpose, but the manifest should declare those binaries.
Instruction Scope
Rating: ok
SKILL.md and user-flow.md provide a narrowly scoped, user-facing workflow (ask for API key, optionally ask for wsUrl, allow dry-run). The runtime script only uses the OpenClaw CLI and node and updates OpenClaw config keys; it does not attempt to read arbitrary user files or external secrets. It does, however, persist the API key into OpenClaw configuration (channels["hi-light"].authToken), which is within the stated purpose but is sensitive and should be made explicit to the user (the docs do call it out).
Install Mechanism
Rating: ok
No install spec in the skill bundle; the script uses the user's existing openclaw CLI to fetch and install the plugin. No external arbitrary downloads or archive extraction are included in the skill itself. The actual plugin install is delegated to openclaw plugins install (expected).
Credentials
Rating: note
The skill does not request environment variables or credentials in its manifest. The script requires the user to provide an API key as a CLI argument and then writes it into OpenClaw's config. That is proportionate to the stated purpose, but it means a secret will be stored in configuration; users should confirm where OpenClaw stores config and whether that file is protected. Also note the default 'allowFrom' is ['*'], which is permissive and may have security implications depending on what allowFrom controls.
Persistence & Privilege
Rating: ok
The skill is not always-enabled and is user-invocable. It does not request system-wide persistent privileges beyond using the openclaw CLI to update the OpenClaw configuration and restart the gateway, which are consistent with the advertised setup task.