Skillv1.0.0

ClawScan security

Skill Priority Setup · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 28, 2026, 12:00 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The package largely does what it claims (scans skills and edits injection/tiering files), but it also writes and modifies global agent configuration files (AGENTS.md, SOUL.md, openclaw.json) and contains hard-coded file paths — behavior that is powerful and requires careful review before running.
Guidance: This package appears to implement the behavior it advertises, but it will modify global agent configuration files that can change how your agents behave (including self-improvement/evolution rules). Before running: 1) Inspect the scripts (setup.py and generate_policy_content) to verify exactly what will be written to AGENTS.md and SOUL.md. 2) Always run with --dry-run and review the generated SKILL_PRIORITY_POLICY.md and listed diffs/backups. 3) Don't use --auto until you're confident in the suggestions. 4) Check and remove/adjust the hard-coded '/Users/macmini/...' paths in the DOCX generators or avoid running those scripts. 5) Keep the backups the script creates and test changes in a sandbox or non-production agent. If you are not comfortable reviewing the files yourself, ask a trusted administrator to audit the proposed edits before applying.
Findings: [HARD_CODED_ABSOLUTE_PATH] unexpected: generate_docx.py uses a hard-coded output path '/Users/macmini/.openclaw/workspace/skills/skill-priority-setup/README.docx' (and similarly for README_CN.docx). Hard-coded user paths are brittle and may attempt to write outside expected locations. [MODIFIES_GLOBAL_AGENT_CONFIG] expected: The main setup script explicitly reads/writes openclaw.json, AGENTS.md, SOUL.md and message injector config. This is expected given the skill's goal, but it's high-impact and should be reviewed and run in dry-run mode first. [SEARCHES_USER_SKILL_PATHS] expected: The script recursively scans multiple ~/.openclaw directories for SKILL.md files. That's expected, but be aware it enumerates installed skills and their names/paths.

Review Dimensions

Purpose & Capability: noteThe skill's declared purpose (scan skills, suggest tiers, apply injection policy) aligns with the included scripts: setup.py scans ~/.openclaw paths, suggests tiers, generates a policy file, and updates AGENTS.md / SOUL.md. Requiring the ability to modify those files is coherent with the purpose, but modifying agent evolution (SOUL.md) is higher privilege than a typical configuration helper and should be justified/inspected.
Instruction Scope: concernSKILL.md tells the user to run the setup script which will read many SKILL.md files and then write to global config locations (openclaw.json, ~/.openclaw/workspace/AGENTS.md, ~/.openclaw/workspace/SOUL.md and message injector config). Those file modifications are within the stated goal, but they cross user-agent boundaries (modifying agent behavior files). The interactive review exists, but the script also supports --auto and will apply changes; ensure you run --dry-run and inspect outputs first.
Install Mechanism: noteThis is instruction-only with no install spec (no remote downloads). That lowers risk. However, included helper scripts generate DOCX files and one script writes a hard-coded absolute path (/Users/macmini/...) which is odd and may cause writes to unexpected locations or failures — this should be corrected.
Credentials: okThe package requests no environment variables or external credentials. All file access is local under the user's home (~/.openclaw). No network endpoints or API keys are requested.
Persistence & Privilege: concernThe script creates/overwrites global agent files (AGENTS.md, SOUL.md, openclaw.json, message injector config). While that matches its stated purpose (configuring injection policy), these are high-impact changes because they can alter agent behavior (including 'agent-evolution' behaviors). The skill is not always: true, but it can run in --auto mode. Treat it as high-privilege and review changes before applying.