Skill v1.0.0

ClawScan security

openclaw-engineering-harness · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 5, 2026, 6:20 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and requested capabilities are consistent with a local engineering workflow harness; it reads and edits repository files and a local memory index and performs audits, which match its stated purpose.
Guidance
This skill appears to do what it says: inspect a codebase, make minimal changes, run constraint/audit checks, and prepare exports. Important points before you install or run it:

- It will read and may update .claude/MEMORY.md and other .claude memory-topic files — review that directory for sensitive content first.
- The skill is permitted to run git commands (checkout, reset, add, commit). Ensure your working tree is backed up or committed and that you trust automated commits before allowing the skill to write/commit.
- The scripts perform local audits to block host paths and network literals on export; they do not contain outbound network calls or require credentials.
- If you want tighter control, run the skill in a sandbox or restrict it to read-only mode initially (deny Write/Edit/Bash commit tools) until you are satisfied with its behavior.
- Review scripts/runtime_support.py and the run_*.py scripts (they're included) if you want to confirm specific behaviors; the package is self-contained and uses only standard library modules.

Review Dimensions

Purpose & Capability
ok
Name/description (engineering workflow: discover, implement, verify, deliver) align with included scripts, policy files, and allowed tools. Tools and git operations (read/edit/write, Bash git commands, python3) are appropriate for implementing and validating small code changes and producing exports.
Instruction Scope
note
Runtime instructions explicitly tell the agent to read and update a local memory index (.claude/MEMORY.md), discover and edit code, run constraint/audit scripts, and perform git operations. This is appropriate for an engineering harness but does give the skill authority to read and modify hidden project files and commit changes to the repository — a potentially sensitive action that is coherent with the stated purpose.
Install Mechanism
ok
No install spec or external downloads are present; all runtime artifacts are included in the package as Python scripts and JSON/markdown policies. This is low-risk and proportionate.
Credentials
ok
The skill requests no environment variables, credentials, or external endpoints. Its file- and git-based operations are consistent with local engineering tasks and do not require unrelated secrets.
Persistence & Privilege
note
The skill is not always-on and does not request elevated system privileges, but it does instruct writing into the project's memory index (.claude/*) and can run git commit/reset commands. Those are necessary for its purpose but mean it can persist changes in the repository and local memory; review and consent are recommended before allowing writes/commits.