Skill v1.0.0

ClawScan security

Config Preflight Validator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 5, 2026, 12:42 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and instructions match its stated purpose (local JSON Schema validation for OpenClaw config) and do not request unrelated credentials or installs.
Guidance
This skill appears to do what it says: local schema validation for OpenClaw configs. Before installing or running it, (1) confirm you trust the 'openclaw' CLI that the script invokes, as resolved from PATH, to fetch the schema, (2) note that it will create and read a cache at ~/.openclaw/workspace/.lib/openclaw_schema.json, and (3) consider installing the jsonschema package (pip install jsonschema) for stricter validation; without it the script falls back to its own, weaker checks. Also be aware of the small packaging mismatch: you may need to place the provided script where the SKILL.md examples expect it, or run it by its explicit path.

Review Dimensions

Purpose & Capability
ok · Name/description, SKILL.md, and the included Python script are consistent: the tool fetches a live schema (via the openclaw CLI), caches it, and runs local validation. The script's use of subprocess to call the 'openclaw' CLI and its simple local file I/O are coherent with the stated purpose. Minor note: the SKILL.md examples reference running the script from ~/.openclaw/workspace/.lib, but the repo provides scripts/config-preflight-validator.py, a packaging/location mismatch (not a security mismatch).
Instruction Scope
ok · Runtime instructions and the script limit their operations to: calling the 'openclaw gateway config.schema' CLI (optional), reading the specified config file, and reading/writing a schema cache under the user's home (~/.openclaw/...). There are no network calls to external endpoints from the script itself, no access to other parts of the filesystem beyond the explicit cache and the user-supplied file path, and no broad, vague instructions that grant the agent discretionary data collection.
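As an added example, and not the skill's own script (which this page does not reproduce), the following Python sketch shows the behavior the Guidance and Instruction Scope entries describe, in the shape a reviewer would want to confirm: the CLI is resolved from PATH and run through subprocess without a shell, the schema is fetched only when the cache under the user's home is missing, the config is validated locally, and the jsonschema package is preferred but not required. The CLI argument list, the default cache path and the sample schema and configs are assumptions constructed for this example; the demo stubs the CLI and writes its cache to a temporary directory so it runs offline.

```python
"""Added example: fetch-or-cache a JSON Schema and validate an OpenClaw-style config locally."""
import json
import shutil
import subprocess
import tempfile
from pathlib import Path

# Assumed invocation mirroring the command named in the review; not a documented interface.
SCHEMA_CMD = ["openclaw", "gateway", "config.schema"]
# Assumed default, taken from the cache location the guidance describes.
DEFAULT_CACHE = Path.home() / ".openclaw" / "workspace" / ".lib" / "openclaw_schema.json"


def resolve_cli(name="openclaw"):
    """Guidance step (1): show which binary PATH would actually run before trusting it."""
    return shutil.which(name)


def fetch_schema_via_cli(cmd=SCHEMA_CMD):
    """Run the CLI as an argument list (no shell) and parse its stdout as JSON."""
    proc = subprocess.run(cmd, capture_output=True, text=True, check=True, timeout=30)
    return json.loads(proc.stdout)


def load_schema(cache_path=DEFAULT_CACHE, fetch=fetch_schema_via_cli, refresh=False):
    """Return the cached schema; call the CLI and write the cache only when needed."""
    cache_path = Path(cache_path)
    if cache_path.is_file() and not refresh:
        return json.loads(cache_path.read_text())
    schema = fetch()
    cache_path.parent.mkdir(parents=True, exist_ok=True)
    cache_path.write_text(json.dumps(schema, indent=2))
    return schema


def _fallback_errors(value, schema, path="$"):
    """Weaker validator used when jsonschema is absent: type, required, properties, additionalProperties."""
    errors = []
    types = {"object": dict, "array": list, "string": str, "integer": int,
             "number": (int, float), "boolean": bool, "null": type(None)}
    expected = schema.get("type")
    if expected in types:
        ok = isinstance(value, types[expected])
        if expected in ("integer", "number") and isinstance(value, bool):
            ok = False  # bool subclasses int in Python; JSON Schema keeps them distinct
        if not ok:
            return [f"{path}: expected {expected}"]
    if isinstance(value, dict):
        props = schema.get("properties", {})
        for key in schema.get("required", []):
            if key not in value:
                errors.append(f"{path}: missing required '{key}'")
        for key, sub in value.items():
            if key in props:
                errors.extend(_fallback_errors(sub, props[key], f"{path}.{key}"))
            elif schema.get("additionalProperties") is False:
                errors.append(f"{path}: unexpected property '{key}'")
    return errors


def validate_config(config, schema):
    """Return (ok, errors). Prefers the jsonschema package, as the review notes the script does."""
    try:
        import jsonschema  # optional dependency
    except ImportError:
        errors = _fallback_errors(config, schema)
    else:
        validator = jsonschema.Draft7Validator(schema)
        errors = [f"{'/'.join(map(str, e.absolute_path)) or '$'}: {e.message}"
                  for e in validator.iter_errors(config)]
    return (not errors, errors)


# Constructed stand-in schema and configs; the real schema is whatever the CLI returns.
SAMPLE_SCHEMA = {
    "type": "object", "required": ["gateway"], "additionalProperties": False,
    "properties": {
        "gateway": {"type": "object", "required": ["port"],
                    "properties": {"port": {"type": "integer"}, "host": {"type": "string"}}},
        "model": {"type": "string"},
    },
}
GOOD_CONFIG = {"gateway": {"port": 18789, "host": "127.0.0.1"}, "model": "local"}
BAD_CONFIG = {"gateway": {"port": "18789"}, "modle": "local"}  # wrong type + typo'd key


def demo(tmp_dir=None):
    """Simulate a run with a stubbed CLI and a throwaway cache directory."""
    cache = Path(tmp_dir or tempfile.mkdtemp()) / "openclaw_schema.json"
    calls = []

    def fake_cli():
        calls.append(1)
        return SAMPLE_SCHEMA

    schema = load_schema(cache, fetch=fake_cli)
    load_schema(cache, fetch=fake_cli)  # second load is served from the cache
    good_ok, _ = validate_config(GOOD_CONFIG, schema)
    _, bad_errors = validate_config(BAD_CONFIG, schema)
    return {"cli_calls": len(calls), "good_ok": good_ok, "bad_errors": len(bad_errors)}


if __name__ == "__main__":
    print("openclaw resolves to:", resolve_cli() or "not on PATH")
    print(demo())
```

The two things a reviewer should look for are visible here: the subprocess call takes a list rather than a shell string, so nothing from the config or filesystem is interpolated into a command, and every file path the code touches is either the cache path or the config the user handed it.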
Install Mechanism
ok · No install spec (instruction-only) and a single small Python script are provided. This is the lower-risk pattern: nothing is downloaded at install time. The script optionally prefers the jsonschema package for full validation (documented).
Credentials
ok · The skill requests no environment variables or credentials. The script relies on PATH to locate the 'openclaw' CLI and uses the user's home directory for a cache; both are proportional to its purpose. There are no hidden accesses to secrets.
Persistence & Privilege
ok · The skill does not request persistent or platform-level privileges (the manifest's always flag is false). It writes a local schema cache under the user's home directory, which is expected for this functionality and limited in scope. The skill does not change other skills' configs or system-wide settings.