Back to skill
Skillv0.3.5
ClawScan security
ground-control · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 4, 2026, 12:32 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requested actions and instructions are consistent with a post-upgrade verification tool — it reads runtime config, runs verification steps, and can auto-fix config/cron drift; nothing requested is disproportionate to that purpose.
- Guidance
- This skill is internally consistent for post-upgrade verification, but it performs powerful changes (gateway config.patch and cron update). Before installing: 1) Ensure the controlling agent has appropriate, least-privilege permissions; 2) Back up your runtime config; 3) Run the skill in --dry-run / report-only mode first to inspect the drift report and confirm redaction behavior; 4) Confirm the ops channel destination is internal and not an external webhook; 5) Review MODEL_GROUND_TRUTH.md to ensure it contains no secrets or credentials. If you rely on the skill's zero-secret logging, audit its first few runs to verify no secret leakage occurs.
Review Dimensions
- Purpose & Capability
- okThe skill's name/description match what it does: 5-phase verification and optional auto-repair of config and cron. The capabilities it needs (read/patch config, list/update cron, spawn sessions, send messages) are coherent and necessary for those features.
- Instruction Scope
- noteAll runtime instructions are contained to OpenClaw primitives (gateway, cron, sessions_spawn, message). The skill explicitly instructs the agent to redact sensitive nodes (auth/plugins/credentials) and to never log literal secrets. It reads runtime config and writes a non-sensitive report to memory/ and an ops channel (expected). This is scoped appropriately, but it relies on correct runtime enforcement of the redaction rules — a buggy agent implementation could still leak secrets.
- Install Mechanism
- okInstruction-only skill with no install spec and no downloaded code. Lowest-risk install mechanism.
- Credentials
- okThe skill declares no environment variables or external credentials. It uses the platform's existing runtime capabilities to probe provider liveness and channels; this is proportional to its stated purpose.
- Persistence & Privilege
- noteThe skill can auto-patch runtime config and cron (powerful operations). Auto-fix is bounded by guardrails (dry-run, pause if >3 fields changed, logs before/after). Users should ensure the agent has only necessary permissions and that backups are available before enabling auto-fix.