Skill v1.3.0
ClawScan security
oh my skill, make skill easy! · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 8:45 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is coherent with its stated purpose (auto-generating and saving skills) but it proactively captures conversation data and saves files to your workspace; the included desensitizer is useful but imperfect — review generated content and consent behavior before enabling.
- Guidance: This skill appears to do what it says, but exercise caution before enabling automatic runs. Things to consider before installing or invoking:
  - The skill will capture your conversation and save new skill files to ~/.openclaw/workspace/skills. If those conversations contain sensitive data, it may be persisted even after desensitization.
  - The included desensitizer is helpful but not foolproof: its literal-replacement list is short and its regexes may miss tokens or custom secrets. Manually review the cleaned session text before saving any generated skill.
  - Disable or limit proactive/autonomous triggering if you want to ensure explicit user consent before any capture/save. Prefer a mode that requires you to confirm the cleaned content and the SKILL.md before writing files.
  - Inspect any generated SKILL.md and supporting files for embedded secrets, credentials, or unintended data before reusing or publishing them.
  - If you must use this, test the desensitizer against sample sensitive strings you care about (API keys, IPs, emails, etc.) to verify it masks them correctly, and consider extending its replacement lists.
  If you want, I can suggest safer configuration defaults (require explicit confirmation, move saves to a quarantine folder, or expand the desensitizer) or a checklist to audit generated skills automatically.
Review Dimensions
- Purpose & Capability: ok
  - Name/description, included Python desensitizer, and SKILL.md all align: this is an instruction-only auto-skill generator that needs Python and writes SKILL.md files to the user's skills workspace. No unrelated binaries, credentials, or install steps are requested.
- Instruction Scope: concern
  - SKILL.md instructs the agent to proactively trigger after complex tasks (even if the user hasn't asked), to read the current conversation/session text, run the desensitizer, and save new skill files under ~/.openclaw/workspace/skills. Proactive triggering and broad discretion to capture/save session data are privacy-sensitive. The instructions also assume a session.txt path and other local artifacts without specifying how they are created; the desensitizer's literal-replacement list is minimal and its regex masks can miss secrets, so sensitive data could be retained. This scope gives the agent broad authority to collect and persist conversation content.
- Install Mechanism: ok
  - No install spec (instruction-only) and only a small included Python script (desensitize.py). Nothing is downloaded from external URLs and no archives are extracted. Risk from installation actions is low.
- Credentials: note
  - The skill requests no environment variables or credentials, which is appropriate. It does write files into the user's ~/.openclaw workspace and reads session content; although not a credential request, writing/saving conversation-derived artifacts is a privacy-sensitive operation and should be limited to explicitly consented cases.
- Persistence & Privilege: note
  - always:false and default autonomous invocation are fine. The skill will persist generated SKILL.md and supporting files under the user's skills workspace when run, which is expected. Combined with the proactive-trigger instruction, this could cause unrequested persistent artifacts to be created, but the skill does not request elevated system-wide privileges or modify other skills' configs.
