Back to skill
Skillv1.0.0
ClawScan security
Billy Emergency Repair · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousFeb 15, 2026, 4:10 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's instructions are coherent with an emergency repair task, but they rely on and would execute local scripts, SSH keys, and specific filesystem paths that are not declared in the metadata — a mismatch that could hide dangerous or unexpected behavior unless the referenced scripts are inspected first.
- Guidance
- This skill tells the agent to run local repair scripts and touch SSH keys and config files, but the package does not include those scripts or declare the sensitive files it will access. Before installing or enabling it: (1) inspect the exact scripts referenced (~/.openclaw/workspace/scripts/emergency-repair/*.sh) to confirm they only do what you expect; (2) verify the authorization check is enforced by the script (and not just by this README text); (3) ensure backups and dry-run options exist; (4) restrict autonomous invocation (disable-model-invocation) or require manual confirmation so repairs only run when Neill explicitly approves; and (5) confirm log and backup destinations are appropriate and do not leak secrets. If you cannot inspect or trust the referenced scripts, treat this skill as high-risk and do not enable it.
Review Dimensions
- Purpose & Capability
- okName/description match the runtime instructions: SSH to 'Billy', clear tokens, back up config, restart gateway and report. The actions described are within the stated purpose of an emergency authentication repair.
- Instruction Scope
- concernSKILL.md instructs the agent to run local scripts (e.g. ~/.openclaw/workspace/scripts/emergency-repair/fix-billy-auth.sh and setup-billy-repair-keys.sh), perform SSH via Tailscale, back up configs and delete tokens. Those are high-impact operations and the skill assumes the presence and behavior of local scripts whose contents are not included in the package — the instructions therefore grant broad operational capability without showing what will actually run.
- Install Mechanism
- okThere is no install spec and no remote download. The skill is instruction-only, so nothing will be written or fetched by the registry package itself.
- Credentials
- concernMetadata declares no required env vars or config paths, yet SKILL.md references specific files and credentials: ~/.ssh keys, ~/.openclaw workspace scripts, and writing logs under /home/neill/.openclaw. The skill will need access to local SSH keys and filesystem paths (sensitive credentials) but does not declare or document them in the metadata — this mismatch is disproportionate and reduces transparency.
- Persistence & Privilege
- noteThe skill is not marked always:true and has no install. However the platform default allows autonomous invocation (disable-model-invocation:false). SKILL.md demands 'Neill-only' authorization, but enforcement depends on the local scripts. Combining an agent-capable skill that can run local high-privilege scripts with no extra safeguards is risky; consider requiring explicit manual confirmation or disabling autonomous invocation unless you trust and have audited the scripts.