Skill v1.0.2
ClawScan security
Log Scrubber · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 13, 2026, 3:04 PM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and runtime instructions match its stated purpose: a local, instruction-only tool that scans and redacts secrets from the OpenClaw workspace and writes backups; there are no unrelated credentials, network calls, or install steps.
- Guidance: This skill appears internally consistent and performs local redaction as described, but take these precautions before enabling it:
  1. Run the --dry-run first to see what would be changed.
  2. Back up important files (the script creates .bak files but keep your own backups).
  3. Review the regex patterns to ensure they match your secret formats and to reduce false positives/negatives.
  4. Be aware it opens files as UTF-8 text and will attempt to rewrite any file under memory/ and logs/ (binary files could error or be corrupted).
  5. Verify you trust the source (homepage points to a repo) before installing — the code is simple and local, but it is always prudent to confirm provenance.
Review Dimensions
- Purpose & Capability (ok): The name/description (redact API keys/tokens from workspace logs and memory) matches the shipped code and SKILL.md. The script only reads /root/.openclaw/workspace/{memory,logs} and MEMORY.md and performs regex-based redaction — these are proportionate to the stated purpose.
- Instruction Scope (ok): SKILL.md and the script consistently instruct scanning the workspace and offer a dry-run. The script modifies files in-place (saving .bak backups) as documented. There is no instruction to read unrelated system files, environment variables, or to transmit data externally. Note: it operates recursively on all files under the target dirs and opens files as UTF-8 text — this may produce errors or miss non-text files, but that is an implementation detail rather than scope creep.
- Install Mechanism (ok): Instruction-only skill with one included Python script and no install spec. No external downloads or package installation steps are present, so nothing is written to disk beyond the script itself and its normal runtime backups.
- Credentials (ok): No environment variables, credentials, or external endpoints are requested. The only resources accessed are the workspace paths declared in SKILL.md and the script. This access is consistent with the purpose.
- Persistence & Privilege (ok): always is false and the skill does not request elevated privileges or modify other skills or global agent configuration. It does persist changes to workspace files (and creates .bak backups), which is expected for a redaction tool and is disclosed in SKILL.md.
