Skill v1.0.0
ClawScan security
Agent Builder 1.0.0 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 18, 2026, 5:41 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is an instruction-only agent-workspace generator that asks clarifying questions and writes reasonable workspace files and does not request credentials, installs, or external endpoints; provenance is a bit unclear (owner IDs differ), so verify the source before trusting widely.
- Guidance: This skill appears coherent and low-risk because it's instruction-only and needs no credentials or installs. Before installing/using it: (1) verify the publisher/source if you need supply-chain assurance (registry ownerId vs _meta.json ownerId mismatch); (2) review any generated workspace files (SOUL.md, AGENTS.md, HEARTBEAT.md, MEMORY.md) before enabling autonomous or periodic behaviors; (3) do not put secrets or credentials into the workspace (the references explicitly warn against this); (4) keep HEARTBEAT.md disabled until you trust the agent and run the provided acceptance tests in a controlled environment; (5) if you plan to grant autonomy (allow it to act without prompting), restrict its autonomy level and confirm ask-before-destructive and ask-before-outbound rules are present. If you need stronger assurance, ask the publisher for provenance (source repo or homepage) or run the skill in an isolated/test environment first.
Review Dimensions
- Purpose & Capability: ok. Name/description match the behavior: it builds OpenClaw agent workspaces and iterates on them. It requires no binaries, env vars, or installs. Minor provenance note: published registry ownerId (kn7beqs8...) differs from the _meta.json ownerId (kn79fk2...) and homepage/source are missing. This is a trust/traceability issue but does not affect functional coherence.
- Instruction Scope: ok. SKILL.md instructs the agent to ask clarifying questions, generate specific workspace files (IDENTITY.md, SOUL.md, AGENTS.md, etc.), and run acceptance tests. All file reads/writes are limited to agent workspace artifacts and included reference templates; there are no instructions to read unrelated system files, environment variables, or to send data to external endpoints.
- Install Mechanism: ok. No install spec and no code files; the skill is instruction-only. This is the lowest-risk install model and matches the skill's purpose.
- Credentials: ok. The skill requests no environment variables, credentials, or config paths. It does instruct reading/writing workspace files (expected for this purpose). There are no unexplained secret/token requests.
- Persistence & Privilege: ok. always is false and disable-model-invocation is default (agent may be invoked autonomously). The skill does not request persistent system-wide privileges or modify other skills. Generating workspace files is normal for this function.
