Skillv1.0.0

ClawScan security

Garden Layout Planner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignFeb 11, 2026, 9:25 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: Files and runtime instructions are consistent with a local garden-layout CLI: no network calls, no extra credentials, and the script stores data in a local JSON under the user's home directory.
Guidance: This skill appears to be a simple local CLI for planning gardens: it stores data at ~/.openclaw/workspace/garden_layout_db.json and offers an export command. Before installing or running it, review the export implementation (to confirm that "safe directories" are actually enforced) and verify you are comfortable with the script writing/reading a file in your home directory. If you will run it in an automated agent context, remember the agent can invoke the script and that the DB file will be created/modified under your home. There are no network calls or credential requests visible, which reduces risk; if you need stronger isolation, run the script in a sandbox or review the rest of the file to confirm there are no hidden network or shell-exec operations.

Purpose & Capability: okThe skill name, SKILL.md usage examples, and the included Python script all implement garden bed/plant management, companion suggestions, spacing, layout display, and export. There are no requests for unrelated cloud credentials, external binaries, or surprising capabilities.
Instruction Scope: noteSKILL.md instructs running the included CLI and exporting layouts to files. It claims "file exports restricted to safe directories," but the visible parts of scripts/garden_layout.py store the DB at ~/.openclaw/workspace/garden_layout_db.json and perform file exports — I did not see an explicit enforcement of a "safe directories" policy in the visible code. The instructions do not direct the agent to read unrelated system files or network endpoints.
Install Mechanism: okThere is no install spec; this is instruction + script only. No downloads, package installs, or archive extraction are present in the manifest, minimizing supply-chain risk.
Credentials: okThe skill declares no required environment variables, no credentials, and no config paths beyond the script's own DB file under the user's home. That matches the apparent needs of a small local CLI tool.
Persistence & Privilege: okThe skill is not marked always:true and does not request elevated privileges. It writes its own DB under ~/.openclaw/workspace, which is consistent with a local tool storing user data; it does not modify other skills' configs or request system-wide changes.