Skillv0.1.0

ClawScan security

worktracker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 14, 2026, 3:41 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: WorkTracker is internally consistent with its stated purpose (a small local CLI work-log tool) and does not request credentials or perform obvious network/exfiltration actions, though there are minor metadata/instruction mismatches you should note.
Guidance: This skill appears to do what it claims: a local Python-based CLI that stores logs and status under ~/.openclaw/workspace/.worktracker and does not request secrets or perform network calls in the visible code. Before installing, consider: 1) verify the full scripts (the provided worktracker.py was partially shown) to ensure there are no hidden network calls or code paths that collect host information; 2) if you expect the env-var overrides documented in SKILL.md, confirm the script actually reads WORK_LOG_PATH/WORK_STATUS_PATH (the docs and code may be out of sync); 3) note minor metadata mismatches (Node engine in config.json and a GitHub repo URL despite 'Source: unknown') — they may indicate copied boilerplate rather than malice; 4) if you want stronger isolation, run the skill in a constrained environment or sandbox before granting it access to production data. Overall the package looks coherent and local-only, but inspect the full script for any late-added network or credential usage if you require maximum assurance.

Review Dimensions

Purpose & Capability: noteThe skill declares Python3 and manages local work status/log files under ~/.openclaw/workspace/.worktracker, which matches a local work-log tool. Minor inconsistencies: config.json lists Node engine and repository/homepage fields (GitHub URL) even though the implementation is Python-only and the package source was listed as unknown; these metadata items are unnecessary but not directly harmful.
Instruction Scope: okSKILL.md instructs only CLI usage (start/update/complete/status/log/export/backup/restore) and references local file paths. Instructions do not ask the agent to read unrelated system files or external credentials. The doc mentions optional env vars (WORK_LOG_PATH, WORK_STATUS_PATH) and including IP addresses in audit logs 'if available'; the visible script does not show obvious network/host-info collection, so the scope remains local.
Install Mechanism: okThere is no remote download/install spec (instruction-only install). The package contains a Python CLI script and examples; config.json includes an install script that simply sets executable permission. No external archives or downloads are invoked by the skill metadata.
Credentials: noteThe skill does not require any credentials or environment variables. SKILL.md documents optional env vars for log/status paths, but the visible portion of the Python script uses fixed paths under the OpenClaw workspace; if the script does not actually read those env vars, the documentation is misleading. No secrets or unrelated credentials are requested.
Persistence & Privilege: okalways is false and autonomous invocation is allowed (platform default). The skill writes only to its own directory (~/.openclaw/workspace/.worktracker) and backup subdirectory; it does not request system-wide configuration changes or other skills' credentials.