Skill Manager
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: skill-manager Version: 1.0.3 The 'Skill Manager' skill is designed to manage the lifecycle of other OpenClaw skills, including suggestions, installation, updates, and removal. Its instructions explicitly state that it will only perform installations, updates, or removals with explicit user consent, and it restricts its file access to `~/skill-manager/inventory.md`. While the core functionality involves executing `npx clawhub` commands which download and execute code from a registry, this is the intended and documented mechanism for skill management within the OpenClaw ecosystem. The skill's documentation includes a 'Security Note' warning users about reviewing skills before installation, demonstrating transparency rather than malicious intent. There is no evidence of data exfiltration, unauthorized persistence, obfuscation, or prompt injection attempting to subvert the agent's purpose or bypass user consent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved, the skill can change which skills are installed and available to the agent.
The skill can direct install, update, and uninstall actions that change the user's installed skills, but the artifact explicitly requires consent before those actions.
Always get consent before install/update/remove
Only approve installs, updates, or removals after reviewing the target skill and confirming the slug is correct.
Installing or updating another skill may introduce code or instructions from the registry into the user's environment.
The skill transparently discloses that its management commands rely on registry-sourced code execution, which is expected for this purpose but still supply-chain relevant.
This skill uses `npx clawhub` commands which download and execute code from ClawHub registry.
Review skill details and provenance before approving any install or update.
The agent may reuse this local inventory to avoid repeated suggestions and to guide future lifecycle management.
The skill stores persistent local memory about installed skills and declined suggestions, including the user's stated reason.
Inventory at `~/skill-manager/inventory.md`... Skills user installed... Skills user explicitly declined
Avoid putting sensitive personal details in declined-skill reasons, and review or delete ~/skill-manager/inventory.md if preferences should be cleared.