Skill v1.0.0

ClawScan security

Wallet Choice Advisor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 15, 2026, 11:36 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill claims to be prompt-only and not inspect devices, but its handler code reads a hard-coded local SKILL.md path in a specific user's home directory — an incoherence that should be explained before installing.
Guidance
This skill's description says it's prompt-only, but handler.py reads a hard-coded local path (/Users/jianghaidong/.openclaw/skills/{skill_name}/SKILL.md). Ask the maintainer why the code needs to read files from a specific home directory and whether that will run in your environment. Prefer a version that reads only its packaged SKILL.md (relative path) or remove the file-access logic. If you don't get a satisfactory explanation, avoid installing or running it with accounts that have access to sensitive files. The current issue could be an innocent developer leftover, but it is an unexplained discrepancy and worth clarifying before use.

Review Dimensions

Purpose & Capability
concern: The SKILL.md says the skill is prompt-only and does not inspect devices or integrate with wallets. The included handler.py attempts to read a SKILL.md from a hard-coded local path (/Users/jianghaidong/.openclaw/skills/{skill_name}), which is not needed for a prompt-only decision helper and does not match the declared behavior.
Instruction Scope
concern: Runtime instructions explicitly state 'no device inspection', but handler.py reads from the local filesystem. This is scope creep: the code accesses a user-specific filesystem location that the SKILL.md says it will not touch.
Install Mechanism
ok: No install spec and no downloads are present; the skill is largely instruction-only with small local code files, so there is no external installation risk.
Credentials
concern: The skill declares no required environment variables or config paths, yet the code reads an absolute path in a user's home directory. That file access is not declared and may allow reading unrelated local skill files; the credential/environment requests are currently inconsistent with the implementation.
Persistence & Privilege
ok: 'always' is false and the skill does not request system-wide changes or persistent presence. It does not modify other skills or global settings in the provided code.