Skill v2.0.0

ClawScan security

Arknights Operator Gacha · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 25, 2026, 9:00 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requests and behavior match its stated purpose: it scrapes Arknights wiki pages, creates a local agent workspace, downloads avatars from fandom/prts domains, and generates character content — nothing requested or installed appears disproportionate or unrelated.
Guidance
This skill appears coherent and limited to creating local agent workspaces with data scraped from Arknights Fandom/PRTS. Before installing, confirm you trust the skill source; ensure you have python3, requests, git, and a configured openclaw CLI. Note the worker will (1) create a workspace under ~/.openclaw/workspace-<agent>, (2) run `openclaw agents add` (which alters your agent config), (3) download avatar images from fandom/prts domains, and (4) make local git commits. If you want to be cautious, run the worker with --dry-run or inspect generated files in a sandboxed account before letting it create agents in your primary environment.

Review Dimensions

Purpose & Capability
ok
Name/description (generate Arknights operator agents) align with the included worker and instructions: the script fetches operator lists, downloads avatars, creates local agent workspaces, and the LLM produces SOUL.md and roleplay. No unrelated credentials, binaries, or network endpoints are requested.
Instruction Scope
ok
SKILL.md instructs the agent to run the included worker script, fetch specific wiki pages (Fandom, PRTS), write SOUL.md/IDENTITY.md, create an agent via the openclaw CLI, download avatars, and git-commit. All referenced files/URLs and actions are coherent with the described workflow. The instructions do not ask the agent to read unrelated system files or exfiltrate arbitrary data.
Install Mechanism
ok
No install spec (instruction-only + bundled worker script). The skill ships a Python worker (no remote downloads or installers) and relies on standard tools (python, requests, openclaw CLI, git). This is low-risk and proportional to the functionality.
Credentials
ok
Requires no environment variables or external credentials. The worker runs network fetches only to fandom/prts domains and downloads avatar images from an explicit domain whitelist. It creates files under ~/.openclaw/workspace-<agent>, which is appropriate for an agent-creation tool.
Persistence & Privilege
ok
always:false and user-invocable. The worker creates and commits files under the user's OpenClaw workspace and invokes the openclaw CLI to add agents; this is expected behavior for a skill that provisions agents. It does not request global system modifications or other skills' credentials.