Back to skill
Skillv1.0.3
ClawScan security
Openclaw Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 22, 2026, 6:39 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, runtime instructions, and requested credential (SHELV_API_KEY) align with its stated purpose of uploading PDFs to an external Shelv service and hydrating returned Markdown files into ~/.openclaw/workspace/shelves; nothing disproportionate or unexplained was found.
- Guidance
- This skill appears coherent and implements the documented workflow. If you plan to install: 1) only provide a SHELV_API_KEY you trust (it grants access to your Shelv account), 2) be aware hydrated files are written under ~/.openclaw/workspace/shelves/<name> (the --force flag will remove an existing directory), and 3) the archive is downloaded from a presigned URL supplied by the service — ensure you trust the shelv.dev service and its API keys before use. If you need higher assurance, review the scripts locally before running them and confirm the API host (https://api.shelv.dev) is the intended endpoint.
Review Dimensions
- Purpose & Capability
- okName/description describe uploading PDFs, polling processing, and hydrating a filesystem; the skill only requires an API key for shelv.dev and POSIX tools (curl, tar, jq, shasum). These requirements are appropriate and expected for the described functionality.
- Instruction Scope
- okSKILL.md and included scripts only call the Shelv API, download the archive returned by the service, verify its sha256 checksum, check for path traversal and symlinks, and extract files into ~/.openclaw/workspace/shelves. The scripts do not attempt to read unrelated local files, exfiltrate environment data, or contact unexpected endpoints beyond the API/presigned-URL flow described.
- Install Mechanism
- okNo install spec is provided (instruction-only with shipped helper scripts). The scripts are plain shell, no third-party download/install step is executed at runtime by the skill. This is the lower-risk pattern for a skill that relies on system utilities.
- Credentials
- noteOnly SHELV_API_KEY is required and it is the primary credential used to authenticate to the documented API. This is proportionate. Minor note: the declared required binaries list includes shasum (and the scripts accept sha256sum too), so the declared binaries and the scripts' runtime checks are consistent enough but slightly imprecise about accepting either sha256sum or shasum.
- Persistence & Privilege
- okalways:false (default), and the skill does not request persistent system-wide privileges or modify other skills' configuration. It writes files only under ~/.openclaw/workspace/shelves/ and verifies the target path to prevent path traversal; --force can delete a shelf directory, which is explicit and expected behavior.