Skill v1.0.1
ClawScan security
clawnedhub - Scan and Security your OpenClaw Instances
ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Feb 25, 2026, 8:43 AM)
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code, requirements, and instructions are broadly consistent with a security-inventory/scan agent: it needs a Clawned API key and python3, discovers skills, and only uploads file contents on an explicit scan command. There are, however, a few small documentation omissions and privacy points you should review before installing.
- Guidance: This skill appears to implement what it claims: it discovers installed skills and uploads metadata during 'sync', and only uploads file contents when you explicitly run 'scan --path'. Before installing or enabling it:
  1. Verify you trust the CLAWNED_SERVER (default https://api.clawned.io); scanned files will be sent there on explicit scans.
  2. Create a minimally-privileged CLAWNED_API_KEY and avoid putting other secrets in skill source files.
  3. Note the agent will register itself (sends hostname and OS) and persist a small state file at ~/.openclaw/clawned_agent.json; decide whether you're comfortable with that telemetry.
  4. Review the remainder of scripts/agent.py (especially the full cmd_scan implementation) if you need stronger guarantees about exactly which files are uploaded.
  5. If in doubt, run the agent in an isolated/test environment first, or audit network traffic to the server to confirm its behavior.
- Findings
  - [CRED-001] expected: The detection patterns flag reading openclaw.json as sensitive because it can contain API keys for other skills. The agent does read ~/.openclaw/openclaw.json, but the code only extracts skills.load.extraDirs and does not transmit the file contents. This behavior is consistent with locating skill directories, but reading that file is a privacy/safety-sensitive action and should be documented explicitly.
Review Dimensions
- Purpose & Capability
  - ok: Name/description (security scanner for OpenClaw skills) aligns with the requested items: a python3 runtime and a CLAWNED_API_KEY for communicating with a Clawned server. The code only contacts the CLAWNED_SERVER endpoint and uses the API key; no unrelated cloud credentials or extra binaries are requested.
- Instruction Scope
  - note: Runtime instructions and the script are mostly scoped correctly: 'sync' discovers skills and uploads metadata, and 'scan --path' collects source files and sends them to the server. However, SKILL.md omits one runtime behavior the code performs: the agent registers itself by sending hostname and OS to the server during the first sync. The SKILL.md privacy statements about 'what is sent' should mention agent registration.
- Install Mechanism
  - ok: No install spec (instruction-only, with the Python script included). No remote installers, no downloads, no package manager operations. The risk surface comes from the included script executing on the host, not from an installer.
- Credentials
  - ok: Only CLAWNED_API_KEY (and the optional CLAWNED_SERVER) are required. This is proportionate to a service that uploads metadata and scanned files. The skill does read ~/.openclaw/openclaw.json to locate extraDirs; that is plausible for its purpose but is flagged by detection rules as sensitive (see scan findings).
- Persistence & Privilege
  - ok: always:false and the model invocation defaults are normal. The script writes a local state file (~/.openclaw/clawned_agent.json) to persist agent_id/last_sync; it does not attempt system-wide changes, cron modification, or alteration of other skills. No elevated privileges or persistence mechanisms are requested by the code.
