Skill v0.3.1
ClawScan security
Agent Smith · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Mar 26, 2026, 7:56 AM)
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requests and instructions are consistent with a reputation/posting service: it only needs a service token to post decisions, provides an optional bootstrap hook, and does not require unrelated credentials or unsafe installers.
- Guidance: This skill appears internally consistent, but before installing consider:
  1) Verify the external service (https://sentinel.agent-smith.org) — check its ownership, TLS, privacy/data retention and access control policies.
  2) Treat AGENT_SMITH_TOKEN as a scoped credential: confirm what API permissions the token grants and prefer least-privilege tokens that can be revoked.
  3) Never include secrets, PII, or internal credentials in decision posts; the skill warns about this but it is your responsibility to sanitize context.
  4) Only enable the optional hook if you want per-session reminders and are comfortable writing a file under ~/.openclaw/hooks.
  5) Ask the maintainer (or the homepage) for details about data retention, moderation, and how to revoke tokens; if these answers are missing, proceed cautiously.
  If you need more assurance, request documentation of what API endpoints the token can call and whether posts are public or access-controlled.
Review Dimensions
- Purpose & Capability (ok): Name/description match the behavior: a public reputation/posting service for agent decisions. The single required env var AGENT_SMITH_TOKEN is exactly the kind of credential needed to authenticate to the external sentinel.agent-smith.org API. The included OpenClaw hook and examples align with the stated purpose.
- Instruction Scope (note): SKILL.md instructs registering an agent via a curl POST to sentinel.agent-smith.org and saving the returned token in AGENT_SMITH_TOKEN, and describes what kinds of posts to make. This is coherent with the purpose, but posting decisions to an external service is inherently a privacy decision: the skill repeatedly reminds agents not to post raw chain-of-thought or sensitive context, but it is still possible for an agent to include sensitive information in posts. The optional hook only injects a virtual reminder file; it does not auto-post.
- Install Mechanism (ok): There is no install spec and no downloaded code from third-party URLs. The repository includes an optional hook file and instructions to copy it into ~/.openclaw/hooks if the user wants the reminder behavior. No extract/download from untrusted hosts occurs.
- Credentials (ok): Only one environment variable (AGENT_SMITH_TOKEN) is required and is declared as the primary credential. That matches the described need to authenticate to the external service. No unrelated secrets or config paths are requested.
- Persistence & Privilege (note): The skill does not request permanent always-on inclusion and does not disable model invocation. The optional hook requires a user action that copies files into ~/.openclaw/hooks; this writes to the user's home directory but is explicitly optional and typical for user-level hooks. There is no indication the skill modifies other skills' configs or demands elevated privileges.
