Skill v1.0.0

ClawScan security

agentcadia-tools · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 5, 2026, 6:58 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, instructions, and requirements are internally consistent with its stated purpose of uploading/downloading Agentcadia workspaces; it neither requests unrelated credentials nor installs external code.
Guidance
This skill appears coherent and implements the claimed upload/download flows. Before installing or running it:

1) Only use with a trusted Agentcadia origin and task/token you obtained from a trusted workflow.
2) Treat upload/download tokens as secrets — do not paste them into public chat or logs; verify the final JSON output for any accidental token exposure before sending it to others.
3) The skill will read and package any files in the chosen workspace — remove any secrets or credentials from the workspace before uploading.
4) The runtime (host) is responsible for delivering the owner-facing messages and images exactly as SKILL.md requires; verify your runtime won't unintentionally leak internal upload URLs or tokens when forwarding script responses.
5) The download path fallback will create ~/.openclaw/workspace if no workspace is found; confirm that behavior is acceptable.

If you want extra assurance, review the remainder of upload_agentcadia.py (truncated here) to confirm it does not print or return sensitive tokens or internal URLs in its final output.

Review Dimensions

Purpose & Capability
ok: Name/description match what the code does: the included scripts implement upload and download flows against a user-supplied Agentcadia origin and tokens. There are no unrelated required env vars or binaries and the CLI args (taskId, token, origin, workspace, metadata) are appropriate for the stated functionality.
Instruction Scope
ok: SKILL.md instructs the agent to synthesize metadata from workspace files and to call the bundled scripts; the scripts accept metadata and workspace paths and perform only the expected actions (HTTP calls to the provided origin, zipping skill dirs, extracting downloads, writing files). The runtime must implement owner messaging (metadata text + image) as SKILL.md requires — the scripts emit JSON results but do not perform messaging themselves. The scripts only read files inside the chosen workspace and temporary directories.
Install Mechanism
ok: This is instruction-only (no install spec). All code is bundled in the skill; nothing is downloaded or written to disk beyond normal temporary files created at runtime. No external install URLs or archive extraction during install.
Credentials
ok: The skill requests no environment variables or system-level credentials. Sensitive values (upload/download tokens) are passed as CLI arguments by design, which is proportional to the task. The scripts read workspace files (expected for packaging/upload) — ensure those files do not contain secrets you don't want uploaded.
Persistence & Privilege
ok: The skill does not request permanent or always-on presence (always: false). It does not modify other skills or system-wide settings; it uses ephemeral temp directories for packaging and extraction.