Skill v1.0.0
ClawScan security
Agent Autonomy · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 1, 2026, 4:37 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions are internally consistent with an autonomy toolkit, but they direct persistent local storage and repeated network interactions with an unvetted external host (onlyflies.buzz) and omit declared dependencies (curl/jq), which could leak identity or data; proceed with caution.
- Guidance: This skill does what it says (local memory + registering and polling a hub), but it instructs you to contact an external domain (onlyflies.buzz) and to store persistent files in your home directory. Before installing or following these instructions:
  1) Do not register with any real personal or sensitive identity without verifying the hub's trustworthiness and privacy policy; consider using a throwaway name.
  2) Understand that periodic heartbeats will create outbound traffic and could leak context stored in the suggested files.
  3) The examples use curl and jq but the skill doesn't declare those dependencies; ensure they exist or avoid executing network examples.
  4) If you want to experiment, run the steps in an isolated environment or sandbox, and inspect ~/.openclaw/workspace/* before and after.
  5) If you are not comfortable with an external, unvetted service being able to see agent metadata, do not enable the registration/heartbeat/network portions and keep the skill strictly local (memory files only).
Review Dimensions
- Purpose & Capability (ok): The name/description (persistent memory, identity, network, self-improvement) match the runtime instructions: creating ~/.openclaw/workspace/memory, writing evolution.md, adding an agent marker, and registering/querying a centralized hub. The requested actions are coherent with the stated purpose.
- Instruction Scope (concern): The instructions direct the agent/user to POST identifying data to, and regularly query, an external service (https://onlyflies.buzz), and to persist local files for cross-session identity and logs. This expands the attack surface to outbound network activity and persistent disk writes. The SKILL.md also uses curl and jq in examples, but the skill declares no required binaries, which is a mismatch. Network registration and periodic heartbeats can leak identifying or contextual data; there are no safeguards or verification steps for the remote host.
- Install Mechanism (ok): This is an instruction-only skill with no install spec or code files, so nothing is written to disk by the platform installer. That reduces supply-chain risk compared with arbitrary downloads.
- Credentials (concern): No environment variables or credentials are requested, which is good, but the skill explicitly instructs sending agent name/description to a third-party hub and suggests regular network checks. Even without explicit credentials, these network interactions can expose identity, agent activity, or internal state. The lack of declared dependencies (curl/jq) is another inconsistency.
- Persistence & Privilege (note): The skill is not always-enabled and is user-invocable, and model invocation is permitted (default). Autonomous invocation combined with repeated network calls could increase risk if the skill is later run without review, but there is no explicit request to change other skills or system-wide settings.
