Skillv1.0.0

ClawScan security

Clawpilot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 8, 2026, 3:34 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: ClawPilot's claimed purpose (an OpenClaw installer/auditor/copilot) matches the files and runtime instructions; it bundles local audit/inspection scripts that will read OpenClaw config and session data and fetch official docs/releases — this is coherent with its stated goal but requires careful review before executing scripts.
Guidance: This skill appears coherent with its stated purpose: it bundles documentation and local bash scripts to audit, inspect, and advise on OpenClaw installations. Before running: (1) Review the bundled scripts (security_audit.sh, session_scanner.sh, config_inspector.sh, prompt_checker.sh) so you understand exactly what files they read and what they output; (2) Expect the scripts to read ~/.openclaw, openclaw.json, agent prompts, and session transcripts — these may contain API keys or sensitive tokens; run them in a safe environment or backup and redact sensitive material first; (3) The skill will perform network checks (GitHub/releases/docs.openclaw.ai) for updates — if you need offline operation, disable that step; (4) Be cautious about applying auto-fixes (openclaw --fix or audit --fix) in production without human review; the SKILL.md emphasizes security-first review, but confirm the agent asks for permission before making changes; (5) If you are not comfortable running third-party scripts with access to your OpenClaw state, inspect or run them manually yourself instead of allowing the agent to execute them autonomously. My confidence is medium because the scripts are bundled (we see filenames and sizes) but their full contents were truncated here; reviewing those scripts would raise confidence further.

Review Dimensions

Purpose & Capability: okName/description (OpenClaw expert, security-first auditing, deploy/troubleshoot gateway) matches the included reference docs and the bundled scripts (security_audit.sh, config_inspector.sh, prompt_checker.sh, session_scanner.sh). No unrelated credentials, unusual binaries, or external services are declared as required.
Instruction Scope: noteSKILL.md explicitly tells the agent to run bundled bash scripts and to inspect openclaw.json, ~/.openclaw, SOUL.md/AGENTS.md, and session transcripts. That scope is consistent with an auditing/troubleshooting skill, but it necessarily requires reading local configuration and session files (potentially containing secrets). The skill also instructs network checks (GitHub releases, docs.openclaw.ai) for updates — expected for an auto-update check. Users should expect the scripts to enumerate and scan local files and to print or summarise findings (including any discovered secrets) unless the agent/redaction is configured.
Install Mechanism: okNo install spec; instruction-only with bundled scripts. This is lower-risk than an installer that downloads/extracts arbitrary code. The scripts are included in the package (no remote, opaque download URLs referenced in SKILL.md).
Credentials: noteThe skill declares no required env vars or credentials. The reference docs describe many OpenClaw-related env vars (AWS keys, channel tokens, etc.) because the skill helps you manage OpenClaw; that is documentation for the target system, not credentials the skill requests. However the session_scanner/security_audit scripts are expected to search config files and ~/.openclaw for secrets — this is proportional to an audit tool but means the scripts will access sensitive data locally. The skill does not ask for unrelated third-party credentials.
Persistence & Privilege: notealways:false (no forced permanent inclusion). The skill includes mark_updated.sh and a .last_update_check marker behavior described in SKILL.md (the scripts will write small marker files in the skill directory), which is plausible for update checks. The skill can be invoked autonomously by agents (platform default) — reasonable for an assistant skill but increases impact if the agent runs audit/fix actions without explicit confirmation; SKILL.md emphasizes security review before recommending changes.