Back to skill
Skillv1.0.0
ClawScan security
Setup · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 13, 2026, 12:20 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only setup/configuration guide for OpenClaw; its requirements and instructions are consistent with that purpose and it contains no embedded code, installs, or unexpected credential requests.
Review Dimensions
- Purpose & Capability
- okThe name/description match the content: files contain configuration recommendations for channels, agents, gateway, memory, tools, automation and security. Nothing in the bundle asks for unrelated credentials or binaries, and no hidden functionality is present.
- Instruction Scope
- noteSKILL.md and the included docs instruct the user to run OpenClaw CLI commands (e.g., `openclaw onboard --install-daemon`, `openclaw doctor`) and to edit config files under ~/.openclaw; those are appropriate for a setup guide. The docs also include placeholders and examples referencing many environment variables/tokens (GATEWAY_TOKEN, TELEGRAM_BOT_TOKEN, OPENAI_API_KEY, etc.). The skill does not itself read or exfiltrate anything, but running the recommended commands or applying suggested settings (daemon install, gateway binding, enabling exec full access) will change system state and can expose services if misconfigured — the docs sometimes recommend insecure options in certain sections (e.g., `exec.security: