Skillv1.0.0

ClawScan security

Auto Drive · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 26, 2026, 12:04 PM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code, install steps, and requested API key match its stated purpose (upload/download and chain-based memory storage on Autonomys' Auto-Drive); there are a few minor hygiene issues to review before installing.
Guidance: This skill appears to do what it says: upload/download files and manage a linked-list memory chain on the Autonomys Auto-Drive service, and it requires one API key (AUTO_DRIVE_API_KEY). Before installing: - Verify you trust the endpoints (mainnet.auto-drive.autonomys.xyz, public.auto-drive.autonomys.xyz, gateway.autonomys.xyz, and explorer.ai3.storage). The skill will send your API key to those domains. - Understand permanence/privacy: data uploaded is meant to be permanent and content-addressed; avoid uploading secrets or sensitive personal data you would not want stored immutably. - Check where the skill will store your API key: by default it writes to $HOME/.openclaw/openclaw.json and $HOME/.openclaw/.env (files are chmod 600), but if OPENCLAW_DIR is set the skill will write there. If you have a custom environment that sets OPENCLAW_DIR or OPENCLAW_WORKSPACE, review those values first. - If you want tighter control, create an API key with restricted scope on the provider side (if possible) and be prepared to rotate/revoke the key if needed. Overall I find the package coherent with its stated purpose; the listed notes are about configuration hygiene and privacy rather than functional or hidden malicious behavior.

Review Dimensions

Purpose & Capability: okName/description (Auto-Drive / Autonomys Network storage) align with the code and docs: scripts perform uploads, downloads, create a linked-list memory chain, verify API key, and save the key to OpenClaw config. Required binaries (curl, jq, file) and the single required env var (AUTO_DRIVE_API_KEY) are appropriate for the described network API usage.
Instruction Scope: noteSKILL.md and the scripts are narrowly scoped to storage and memory-chain operations. The setup flow is interactive and asks the user to sign in and paste an API key. Scripts read and write local files (state file in workspace, MEMORY.md if present, and OpenClaw config/.env). This is expected for a persistence/backup skill, but users should note the skill will modify files in ~/.openclaw (or an alternate OPENCLAW_DIR if set) and may append to or edit MEMORY.md in the workspace.
Install Mechanism: okInstall spec only offers a single brew formula (jq). There are no downloads from arbitrary URLs, no extracted archives, and the included scripts are plain shell files — low install risk.
Credentials: noteThe declared primary credential is a single API key (AUTO_DRIVE_API_KEY), which is appropriate. However, the scripts also reference several optional environment variables (OPENCLAW_DIR, OPENCLAW_WORKSPACE, AGENT_NAME) that are not listed in the requires.env metadata. In particular OPENCLAW_DIR controls where the skill saves openclaw.json and .env (the API key) — by default this is $HOME/.openclaw, but if OPENCLAW_DIR is set the scripts will write the API key to that location without further validation. This is a plausible design choice but worth reviewing before installation.
Persistence & Privilege: okSkill is not marked always:true and uses normal autonomous invocation. It writes only to its own OpenClaw config directory and the user's workspace/state file by design. It does not attempt to modify other skills or system-wide settings beyond saving its own API key and state; it sets file perms to 600 for stored credentials.