Skill v2.1.4

ClawScan security

Skill Trigger V2 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 27, 2026, 8:35 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The package claims to be a documentation-only, non-runnable artifact, but it includes runnable matching and installer code together with inconsistent metadata and hard-coded developer paths. This looks like a sloppy or mismatched release rather than clearly malicious code, but review it before installing.
Guidance
Key points to consider before installing:
- Inconsistency: the published SKILL.md and README describe this release as documentation-only (runtime removed), but the package contains runnable code: the core matching engine (skill_trigger_v2/core.py) and the setup wizard (setup/wizard.py). Treat this as a red flag for sloppy release management; not necessarily malicious, but do not run it blindly.
- Hard-coded paths: setup/wizard.py embeds an absolute developer path (/Users/macmini/.openclaw/workspace) in its check commands. On any other machine those checks will fail or act on the wrong directory. Review the script and, if needed, edit it to use your actual workspace path before running it.
- Version mismatches: the files disagree on the minimum semantic-router/skill-index versions (package.json lists semantic-router >=7.7.2 while SKILL.md, wizard.py and core.py reference >=2.0.0). Confirm which versions you actually need and where those dependencies will be installed from before letting the wizard install or upgrade anything.
- File access: the code reads skill_index.json and pools.json and creates ~/.openclaw/workspace/.lib/skill_trigger_config.json. That is expected for a trigger, but confirm those files contain only the expected metadata and no secrets. Do not run the wizard with elevated privileges.
- Provenance: the registry metadata lacks a clear homepage and the owner ID is opaque. If you plan to install, fetch the source from the repository named in package.json (github.com/openclaw/skill-trigger-v2), verify the repo, tags and author commit history, and inspect the full code in a safe environment.
- Safe testing: run any install/init/check commands inside a disposable container or VM, or at minimum after backing up your ~/.openclaw workspace. Search the code for unexpected network calls, telemetry or subprocess invocations before allowing it network access.
Note: the copy of core.py available to the scanner was truncated, so the findings above do not cover the remainder of that file. Inspect it in full, together with the hard-coded paths in wizard.py, before running anything.
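As an added example (not part of the scanner output, ClawHub, or the Skill Trigger V2 package), the following Python script performs the mechanical parts of the checklist above on a package tree: it flags hard-coded developer home paths, lists imports and calls that give the code network or process-spawning capability, and compares dependency constraints across files so disagreements like the semantic-router one surface before anything is run. The sample files embedded at the bottom are constructed to mirror the issues described in this report and are not the real package contents; the module and path names in them are assumptions.

```python
"""Pre-install triage for a Python skill package (added example, not the
scanner's or the package's own code). Static checks only: it reports what the
code *can* do and where its files disagree, which is what you want to know
before running any install/init/check command."""
import ast
import json
import re
from collections import defaultdict

# Absolute home-directory paths that only resolve on the developer's machine.
HARDCODED_PATH_RE = re.compile(r"""(?:/Users|/home|/root)/[^\s"')\]]+""")

# Matches '"name": ">=1.2.3"' (JSON, Python dict literals) and 'name >=1.2.3' (prose).
CONSTRAINT_RE = re.compile(
    r"""\b([A-Za-z][\w.-]*)"?\s*:?\s*"?(>=|<=|==|~=|>|<)\s*(\d+(?:\.\d+)+)"""
)

NETWORK_MODULES = {"socket", "urllib", "http", "requests", "httpx", "aiohttp", "ftplib", "smtplib"}
PROCESS_MODULES = {"subprocess", "pty"}
PROCESS_CALLS = {"os.system", "os.popen", "os.execv", "os.execvp", "os.execve", "eval", "exec"}


def _dotted_name(node):
    """Return 'pkg.attr.attr' for a Name/Attribute chain, or None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def find_capabilities(source):
    """(kind, name, line) for imports and calls granting network or process-spawning ability."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            names = [a.name for a in node.names] if isinstance(node, ast.Import) else [node.module or ""]
            for name in names:
                root = name.split(".")[0]
                if root in NETWORK_MODULES:
                    hits.append(("network-import", name, node.lineno))
                elif root in PROCESS_MODULES:
                    hits.append(("process-import", name, node.lineno))
        elif isinstance(node, ast.Call):
            name = _dotted_name(node.func)
            if name and (name.split(".")[0] in PROCESS_MODULES or name in PROCESS_CALLS):
                hits.append(("process-call", name, node.lineno))
    return sorted(hits, key=lambda h: h[2])


def find_hardcoded_paths(text):
    return sorted(set(HARDCODED_PATH_RE.findall(text)))


def find_version_constraints(text):
    """{package: 'op+version'} for every constraint-looking token in text."""
    return {m.group(1): m.group(2) + m.group(3) for m in CONSTRAINT_RE.finditer(text)}


def version_mismatches(files):
    """Packages whose constraint differs between files (e.g. package.json vs SKILL.md)."""
    by_pkg = defaultdict(dict)
    for fname, text in files.items():
        for pkg, spec in find_version_constraints(text).items():
            by_pkg[pkg][fname] = spec
    return {pkg: specs for pkg, specs in by_pkg.items() if len(set(specs.values())) > 1}


def triage(files):
    """files: {relative path: contents}. Returns the three findings to review before running."""
    report = {"hardcoded_paths": {}, "capabilities": {}, "version_mismatches": version_mismatches(files)}
    for fname, text in files.items():
        paths = find_hardcoded_paths(text)
        if paths:
            report["hardcoded_paths"][fname] = paths
        if fname.endswith(".py"):
            try:
                caps = find_capabilities(text)
            except SyntaxError as exc:  # a file that will not parse is itself a finding
                caps = [("unparsable", str(exc), 0)]
            if caps:
                report["capabilities"][fname] = caps
    return report


# Constructed sample modelled on the report above; NOT the real package contents.
SAMPLE_FILES = {
    "package.json": '{\n  "name": "skill-trigger-v2",\n'
                    '  "dependencies": {"semantic-router": ">=7.7.2", "skill-index": ">=2.0.0"}\n}\n',
    "SKILL.md": "# Skill Trigger V2\nDocumentation-only release. "
                "Requires semantic-router >=2.0.0 and skill-index >=2.0.0.\n",
    "setup/wizard.py": (
        "import json\nimport subprocess\nfrom pathlib import Path\n\n"
        'REQUIRED = {"semantic-router": ">=2.0.0"}\n'
        'CHECKS = ["ls /Users/macmini/.openclaw/workspace/.lib"]\n\n'
        "def check():\n    for cmd in CHECKS:\n        subprocess.run(cmd, shell=True, check=False)\n\n"
        "def init():\n"
        '    cfg = Path.home() / ".openclaw/workspace/.lib/skill_trigger_config.json"\n'
        "    cfg.write_text(json.dumps(REQUIRED))\n"
    ),
}

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_FILES), indent=2))
```

Point `triage` at a dict built by walking the unpacked package (for example with `pathlib.Path.rglob`) rather than at the sample. A non-empty `capabilities` entry is not a verdict by itself; it tells you which files to read line by line before the code gets network access or a real workspace.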

Review Dimensions

Purpose & Capability
concern: The SKILL.md and README repeatedly state this is a 'framework-only' or 'documentation-only' release with runtime matching removed, yet the package contains a fully implemented matching engine (skill_trigger_v2/core.py) and an installer wizard (setup/wizard.py). Code documented as non-executable but shipped as executable is inconsistent and worth scrutiny.
Instruction Scope
note: Runtime instructions direct you to run setup/wizard.py (check/init/verify), which reads and writes files under the user's workspace (~/.openclaw/workspace/.lib/*). Reading the skill index and pools.json is expected for a trigger plugin, but the wizard contains hard-coded developer paths (/Users/macmini/.openclaw/workspace) in its check commands, which can fail or behave unexpectedly on other systems.
Install Mechanism
ok: There is no download-from-URL install spec in the registry metadata; the skill is instruction- and code-file based and embeds no external arbitrary download URLs. The only external operations are recommendations to run 'clawhub install' for declared dependencies.
Credentials
note: The skill does not request environment variables or credentials in its metadata. It does read and write files in the user's OpenClaw workspace (skill_index.json, pools.json, skill_trigger_config.json), which is proportional for a trigger service. The version constraints are inconsistent across files (package.json, SKILL.md, wizard.py, core.py), which may lead the wizard to suggest installing or upgrading dependencies unexpectedly.
Persistence & Privilege
ok: The skill does not declare always:true and does not attempt to alter other skills or global agent configuration beyond writing its own config (~/.openclaw/workspace/.lib/skill_trigger_config.json). That behavior is normal for an installable skill.