Skill v1.0.0

ClawScan security

OpenClaw Sacred Rules · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 25, 2026, 7:28 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's purpose (config backups, auth troubleshooting, and recovery) broadly matches the scripts provided, but there are inconsistencies and risky behaviours in the instructions and scripts (notably a hardcoded path and un-declared handling of sensitive files) that warrant caution before installing.
Guidance
Before installing or running this skill:
(1) Review and fix the embedded Python in reset_cooldowns.sh: it hardcodes '/Users/admin/...', while the shell's AUTH_FILE is derived from $HOME, so the script can back up one file and modify another. Make the Python use the same $AUTH_FILE path (for example by passing it through the environment rather than writing a path into the Python source).
(2) Recognize that these scripts read, copy and modify sensitive files (~/.openclaw/.env and auth-profiles.json). Run them only on a trusted machine, never as root, and keep backup directories private and/or encrypted.
(3) Confirm the backup flow: safe_backup.sh copies .env and auth-profiles.json into $HOME/openclaw-backups. Ensure that directory has restrictive permissions (700) and check the copies themselves: cp gives a new file the source's mode bits masked by the current umask, so a readable source under a permissive umask yields a readable backup unless the script sets the umask or chmods the copy.
(4) If you do not trust the source, do not run the scripts; inspect and adapt them manually (in particular, remove or correct the hardcoded path and add explicit permission and ownership checks).
(5) Ask the publisher or maintainer to clarify the file and permission access required and to provide a signed canonical source; prefer a skill that declares exactly which sensitive files it touches and documents how backups are protected.

Review Dimensions

Purpose & Capability
note: The name and description match the actual scripts: they validate configs, create backups, check auth status, and reset cooldowns. However, the manifest declares no required environment or filesystem access, while the scripts clearly operate on sensitive OpenClaw files under $HOME/.openclaw (openclaw.json, .env, auth-profiles.json). That mismatch between declared and actual access is unexpected and should be clarified.
Instruction Scope
concern: SKILL.md repeatedly warns 'Never directly read auth-profiles.json', yet the scripts (safe_backup.sh and reset_cooldowns.sh) copy it and, in the case of reset_cooldowns.sh, parse and modify it. reset_cooldowns.sh backs up a path derived from $HOME, but its embedded Python uses a hardcoded '/Users/admin/...' path, so the script backs up one file and modifies another; the result is either an unexpected modification or a failure when the hardcoded path does not exist on the machine. The scripts also copy ~/.openclaw/.env (which contains secrets) to a backup directory, and SKILL.md does not discuss backup protection or permissions.
Install Mechanism
ok: No install spec or external downloads; the skill is instruction-only and ships local scripts. This is lower risk than fetching remote binaries. Still, the provided scripts are written to disk as part of the skill bundle, so they should be audited (as done here).
Credentials
concern: The registry metadata declares no required environment variables or credentials, but the scripts expect and source ~/.openclaw/.env and operate on auth-profiles.json (containing API keys and passwords). Backing up and copying .env and auth-profiles.json is a legitimate need for a backup/recovery tool, but the skill should explicitly declare that it requires access to these sensitive files and describe how backups are protected (permissions/encryption).
Persistence & Privilege
note: always:false, and no automatic persistence is requested. The skill does modify OpenClaw files when you run its scripts (intended behavior for a recovery tool), but it does not ask for global/always-on privileges or attempt to change other skills' configurations. The risk is limited to the actions of these scripts when invoked.
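The corrected flow that the Guidance and Instruction Scope entries ask for (every path derived from $HOME instead of a hardcoded '/Users/admin/...', refusal to run as root, backup directory and copies locked to 700/600, and an embedded Python block that edits the same AUTH_FILE the shell just backed up), written as an added example for this review. It is not the skill's own safe_backup.sh or reset_cooldowns.sh and not ClawHub code. The OPENCLAW_DIR and BACKUP_ROOT variable names, the backup-<random> directory naming, and the "profiles"/"cooldownUntil" layout of auth-profiles.json are assumptions made here; this page does not describe the real file's structure.

```shell
#!/bin/sh
# Added example, not the skill's own safe_backup.sh or reset_cooldowns.sh.
# Every path derives from one set of variables rooted at $HOME, nothing runs
# as root, the backup directory and its copies are locked to 700/600, and the
# embedded Python receives AUTH_FILE from the environment instead of a
# hardcoded '/Users/admin/...' path. OPENCLAW_DIR, BACKUP_ROOT and the
# "profiles"/"cooldownUntil" JSON layout are assumptions made for this example.

OPENCLAW_DIR="${OPENCLAW_DIR:-$HOME/.openclaw}"
AUTH_FILE="${AUTH_FILE:-$OPENCLAW_DIR/auth-profiles.json}"
ENV_FILE="${ENV_FILE:-$OPENCLAW_DIR/.env}"
BACKUP_ROOT="${BACKUP_ROOT:-$HOME/openclaw-backups}"

# Secrets copied by a root shell end up root-owned inside a user's home.
refuse_root() {
  if [ "$(id -u)" -eq 0 ]; then
    echo "refusing to run as root" >&2
    return 1
  fi
}

# Octal permission bits of a path (GNU stat, with BSD/macOS stat as fallback).
perm_of() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Copy .env and auth-profiles.json into a fresh private directory under
# $BACKUP_ROOT and print its path. The body is a subshell so the umask change
# stays local; `exit` therefore leaves only this subshell.
safe_backup() (
  refuse_root || exit 1
  umask 077                                  # new dirs default to 700, files to 600
  mkdir -p "$BACKUP_ROOT" || exit 1
  chmod 700 "$BACKUP_ROOT"                   # also tightens a pre-existing, looser directory
  dest=$(mktemp -d "$BACKUP_ROOT/backup-XXXXXX") || exit 1
  for src in "$ENV_FILE" "$AUTH_FILE"; do
    [ -f "$src" ] || continue                # a missing file is not an error here
    cp "$src" "$dest/$(basename "$src")" || exit 1
    chmod 600 "$dest/$(basename "$src")"     # explicit, regardless of the source's mode
  done
  printf '%s\n' "$dest"
)

# Back up first, then clear cooldown markers in the SAME file that was copied:
# the Python reads AUTH_FILE from its environment and never names a path itself.
reset_cooldowns() {
  refuse_root || return 1
  command -v python3 >/dev/null 2>&1 || { echo "python3 required" >&2; return 1; }
  backup_dir=$(safe_backup) || return 1
  echo "backup written to $backup_dir" >&2
  AUTH_FILE="$AUTH_FILE" python3 - <<'PY' || return 1
import json, os
path = os.environ["AUTH_FILE"]                     # same variable the shell backed up
with open(path) as fh:
    data = json.load(fh)
for profile in data.get("profiles", {}).values():  # assumed layout, see header comment
    profile.pop("cooldownUntil", None)
tmp = path + ".tmp"
with open(tmp, "w") as fh:                         # write-then-rename: no half-written file
    json.dump(data, fh, indent=2)
os.chmod(tmp, 0o600)
os.replace(tmp, path)
PY
}
```

Call `safe_backup` on its own to take a backup, or `reset_cooldowns` to back up and then edit; both refuse to run as root. Because `safe_backup` prints the directory it created, a caller can check it with `perm_of` before anything else touches it, which is the explicit permission check the Guidance asks for.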