Skill v1.0.2

ClawScan security

sf-express · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 21, 2026, 3:30 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill is internally coherent for an SF Express helper: it stores local history/subscriptions and implements local encrypted storage, and it does not request unrelated credentials or external services — however, there are implementation issues and privacy trade-offs you should understand before installing.
Guidance
This skill appears to do what it claims: local tracking, estimates and local persistence for history/subscriptions/addresses. Before installing:
(1) Review the code (already included) if you plan to store sensitive addresses or phone numbers.
(2) Note the skill creates ~/.openclaw/data/sf-express/ and a secure/ directory with a .key file (mode 600); verify you are comfortable with local storage.
(3) The encryption implementation contains a likely bug in key derivation/usage which may undermine encryption or cause the skill to fail; ask the author to fix key handling (Fernet expects a urlsafe_b64encoded 32-byte key).
(4) Install dependencies in an isolated Python virtualenv and test in a sandbox before giving it real PII.
(5) If you need stronger guarantees, request that the maintainer document the encryption design or remove local storage of sensitive fields.
If you want, I can point to the exact lines/changes to fix the key handling and harden storage behavior.

Review Dimensions

Purpose & Capability
Status: ok
Name/description match the included code: tracking, estimates, history, subscriptions, address storage and privacy controls. No unrelated environment variables, binaries, or external cloud credentials are requested.
Instruction Scope
Status: ok
SKILL.md describes only SF Express workflows and explicitly documents local persistence and privacy commands. The runtime files operate on ~/.openclaw/data/sf-express and do not reference other system-wide config or unrelated paths in the shown code.
Install Mechanism
Status: ok
This is an instruction/code bundle with no install spec; dependencies are listed in requirements.txt (aiohttp, cryptography, etc.). No external download URLs or archive extraction are present. Installing the Python dependencies via pip is the expected mechanism.
Credentials
Status: note
The skill requests no env vars or external tokens (proportionate). It does persist user data (query history, subscriptions, addresses) on disk and stores a local key file at ~/.openclaw/data/sf-express/secure/.key (mode 600). Storing address/phone data is sensitive; the persistence is reasonable for the stated functionality, but users should be aware. Also, the local encryption implementation has a suspicious/incorrect key handling pattern (PBKDF2 used with random inputs and base64 encode/decode steps) that likely breaks or weakens encryption; this is an implementation bug rather than an indication of malicious intent, but it affects the privacy guarantees.
Persistence & Privilege
Status: note
The skill persists data under the user's home directory and provides privacy commands to inspect/clear/export that data. always:false (no forced global presence). Persisting subscriptions/history/addresses is appropriate for the feature set, but because the skill stores potentially sensitive PII and a local key file, you should review or audit the storage and encryption behavior before storing secrets.