Skillv1.1.3

ClawScan security

skill-trust-auditor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 4, 2026, 12:58 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is internally coherent: it implements a local/static pattern-based auditor that needs Python (and optionally the clawhub CLI) and (optionally) an Anthropic API key for LLM judgement — its requirements and code match its stated purpose.
Guidance: This skill appears to do what it claims: fetch skill files and run pattern checks. Before installing: (1) review patterns.json if you want to understand what it flags and the allowlisted domains; (2) be aware that enabling '--llm' mode will send snippets to Anthropic if you set ANTHROPIC_API_KEY (only enable if you trust that service); (3) running setup.sh will pip-install packages (requests, anthropic) — inspect the setup script and installed packages if you must maintain a strict supply-chain policy; (4) the auditor fetches remote skill files over the network to analyze them — this network access is necessary but means the tool can only be as accurate as the sources it fetches. Overall, the package is coherent and reasonable for an auditor, but exercise standard caution when enabling LLM judgement or when allowing pip installs on sensitive hosts.

Review Dimensions

Purpose & Capability: okThe skill's name/description (audit ClawHub skills) match the actual artifacts: a Python analyzer, shell wrappers, and a patterns.json. Declared binaries (python3, optional clawhub) are appropriate. No unrelated credentials or binaries are requested.
Instruction Scope: okRuntime instructions only run the included setup and audit scripts which fetch SKILL.md and referenced scripts from ClawHub/GitHub, then run regex checks. The instructions do not direct the agent to read unrelated local secrets or modify other skills. The only path that references home config is an optional alias pointing to the installed auditor script (not a request to read ~/.openclaw or secrets).
Install Mechanism: noteNo platform install spec is provided; setup.sh installs Python packages (requests and optional anthropic) from PyPI via pip. This is expected for a Python tool but introduces normal supply-chain risk from PyPI packages; packages are well-known (requests, anthropic) and installation is local and explicit.
Credentials: noteThe skill declares no required env vars. It does optionally use ANTHROPIC_API_KEY for the '--llm' mode (README and setup.sh mention this). That optional key is proportionate to an LLM-as-judge feature but is not required for core auditing; the SKILL metadata does not list it as required, which is consistent.
Persistence & Privilege: okThe skill does not request always:true, does not attempt to modify other skills or agent core files, and the provided setup only installs local Python packages. It does not create persistent hooks or modify shell profiles.