Skill v1.3.0
ClawScan security
Openclaw Work Protocol · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 18, 2026, 6:32 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This is an instruction-only workflow/protocol for OpenClaw agents; its requirements and instructions are consistent with its stated purpose and it does not request unrelated credentials, installs, or hidden endpoints.
- Guidance: This skill is a behavioral protocol (how an agent should work) and is internally coherent. Before installing, confirm: (1) the agent runtime's ability to run shell commands or network calls — those are suggested but not provided by the skill; (2) where MEMORY.md and learning-log.md will be stored and who can read them (they may contain sensitive data); (3) whether the agent will actually send reports externally (ensure network/reporting endpoints are trusted). If you accept the protocol, expect frequent automatic progress messages and local logs; if you need stricter privacy, restrict the agent's network/file permissions or modify the protocol to avoid persisting sensitive content.
Review Dimensions
- Purpose & Capability (ok): The name/description claim a workflow protocol for agents and the SKILL.md contains detailed operational rules, templates, and file-naming conventions that match that purpose. No unrelated credentials, binaries, or external services are requested.
- Instruction Scope (ok): The instructions focus on agent behavior: todo lists, incremental progress, frequent reporting, and local logging (MEMORY.md, learning-log.md, memory/YYYY-MM-DD.md). They reference common tools (curl, wget, Python, Node) as preferred options but do not mandate reading unrelated system files or exfiltrating data to external endpoints. The aggressive reporting rules are operationally broad but consistent with a workflow policy.
- Install Mechanism (ok): There is no install spec and no code files — this is instruction-only. Nothing is downloaded or written by the skill itself during install, which is the lowest-risk option.
- Credentials (ok): The skill declares no required environment variables, credentials, or config paths. References to local files for logs/memory are proportional to a workflow protocol. No sensitive tokens or unrelated service credentials are requested.
- Persistence & Privilege (note): The skill does not set always:true and does not request elevated privileges. However, it instructs agents to persist logs and memories (local files) and to report frequently; if an agent has network access or permission to write to shared storage, those persistent artifacts could contain sensitive data. This is expected for a workflow policy but worth noting operationally.
