Skill v1.0.3
ClawScan security
Kickstart · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 26, 2026, 1:34 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only onboarding/template pack that is internally consistent with its stated purpose (bootstrapping workspace files, memory patterns, persona templates and automation scaffolding).
- Guidance: This package is essentially a collection of templates and best-practice docs — useful but powerful. Before running 'run kickstart setup' or copying files:
  1. Open and review each template (AGENTS.md, anchor.md, MEMORY.md, USER.md) and remove any example secrets or links you don't trust.
  2. Fill anchor.md with strict non-negotiable rules (e.g., never post or exfiltrate private data, require explicit user approval for external actions).
  3. Do not enable crons/automations until you've tested them manually in an isolated session.
  4. When you connect external services (Discord, GitHub, Google, Supabase, Vercel, X), use least-privilege credentials, avoid committing tokens to version control, and prefer OAuth flows.
  5. If you plan to operate in group/shared channels, ensure MEMORY.md is excluded from those contexts (the skill itself already warns about this).
  If you want extra assurance, install and test this in a disposable workspace first.
Review Dimensions
- Purpose & Capability: ok. The name/description match the actual content: SKILL.md plus many reference and asset templates for workspace, memory, heartbeats, and sub-agent orchestration. It does not request unrelated binaries, credentials, or config paths.
- Instruction Scope: note. The instructions tell the agent to copy files, create ~/.openclaw/workspace/memory, create heartbeat-state.json, and to read/write memory/USER.md/MEMORY.md on session start. That file I/O is appropriate for a workspace-bootstrapping skill, but it does mean the skill will cause the agent to read and persist potentially sensitive user data if you follow the guide—so review and customise templates before copying and be careful about what the agent is allowed to load in shared/group contexts.
- Install Mechanism: ok. There is no install spec and no code files — this is instruction-only, so nothing is downloaded or written by an installer. Low install risk.
- Credentials: note. The skill itself requires no environment variables or credentials. However, its API checklist and references explicitly recommend connecting external services (Discord, Google Workspace, Supabase, Vercel, GitHub, X, etc.). Those are optional user actions but involve tokens and OAuth flows; the skill does not itself request them, so the credential requests are proportionate but warrant user caution when you integrate them.
- Persistence & Privilege: ok. `always` is false, no install hooks, and the skill only instructs creating files in the user's OpenClaw workspace (its own domain). It does not request system-wide privileges or modify other skills' configs. Normal autonomous invocation applies.
