Skill v1.0.3

ClawScan security

Skills Creator — Build High-Quality OpenClaw Skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 11, 2026, 2:30 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This is a coherent, instruction-only meta-skill for authoring and reviewing OpenClaw skills; its files, scope, and requirements match its stated purpose and it requests no sensitive access.
Guidance
This skill is a documentation/meta-skill and appears internally consistent. Before using it: (1) Trust but verify — when it generates scripts or publishes frontmatter, review any generated code and metadata before running or publishing. (2) If you follow its Mode 4 (add API integration), ensure any external API keys are only provided when truly needed and that package versions are pinned (the skill itself recommends pinning). (3) When the skill helps you create other skills, manually review those new skills' frontmatter, required bins, and env vars before installing or granting credentials.

Review Dimensions

Purpose & Capability
ok: The name and description match the provided SKILL.md, README, templates, and reference docs. All declared capabilities are instructional (authoring/reviewing skills) and the package requests no binaries, env vars, or credentials — appropriate for a meta, documentation-style skill.
Instruction Scope
ok: SKILL.md provides LLM-directed writing and review workflows, templates, and checklists. It does not direct the agent to read arbitrary system files, exfiltrate data, or contact external endpoints. It explicitly warns not to auto-execute generated scripts without user confirmation.
Install Mechanism
ok: No install spec or code is included (instruction-only). This minimizes disk write/execute risk and is proportionate to a documentation/meta skill.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. That is appropriate for its stated purpose; nothing requests unrelated secrets or access.
Persistence & Privilege
ok: Flags show normal defaults (always: false, model invocation enabled). The skill does not request permanent/global privileges or attempt to modify other skills or system-wide settings.