Skill v1.0.6
ClawScan security
Blog Polish Zhcn Images · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 14, 2026, 4:19 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's behavior matches its description (reads a draft, produces a polished/translated markdown and image prompts) and it makes no unexpected external requests or credential demands; the only minor mismatch is it relies on jq/UNIX utilities but declares no required binaries and the translation is simulated rather than actually calling a translator.
- Guidance
- This skill appears coherent and not malicious, but check a few practical items before installing: 1) Ensure jq (and basic UNIX utilities) are available in the agent environment — the workflow uses jq but the skill metadata doesn't declare it. 2) Note the SKILL.md currently 'simulates' translation rather than invoking a translator; if you expect a real machine translation step, confirm or update the skill. 3) The skill will read the draft path you provide (default: ~/.openclaw/workspace/contentDraft/latestDraft.md) and write outputs under ~/.openclaw/workspace/contentPolished/ — make sure you trust those files and review outputs before publishing. 4) There are no network calls or credential requests in the instructions, but verify your runtime (OpenClaw agent environment) does not implicitly forward file contents to external services if that concerns you.
Review Dimensions
- Purpose & Capability
- note: The name/description (polish + zh-CN translation + image prompts) aligns with the workflow: it reads a draft, writes a polished file, and emits image prompts. One inconsistency: the workflow uses jq (and standard UNIX tools like date/mkdir/cat) but the skill metadata declares no required binaries; jq availability is assumed but not declared.
- Instruction Scope
- ok: Instructions operate only on the declared draft and output paths under the user's home (~/.openclaw/workspace/...). They read the draft file and write a polished markdown and prompt text. The SKILL.md explicitly states the translation is 'simulated' and the skill does not attempt to call external APIs or transmit data to third-party endpoints.
- Install Mechanism
- ok: This is an instruction-only skill with no install spec and no code files, so nothing is written to disk beyond the outputs the workflow creates. That is the lowest-risk install model.
- Credentials
- ok: The skill requests no environment variables, credentials, or config paths. It only requires read/write access to the draft/output paths (defaults under ~/.openclaw/workspace). This is proportionate to its stated purpose.
- Persistence & Privilege
- ok: 'always' is false and the skill does not request persistent system-level changes or modify other skills. It writes outputs only to its own output directory and uses the platform's save_state/load_state workflow primitives.
