Skill v1.0.0
ClawScan security
Quack Network · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 24, 2026, 10:14 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and runtime instructions are internally consistent with an agent-to-agent messaging/identity service; it registers an agent, stores credentials in ~/.openclaw/credentials/quack.json, and uses quack.us.com APIs as described.
- Guidance: This skill appears coherent for registering and messaging via a Quack Network. Before installing: (1) Inspect the included scripts yourself: quack-register.mjs generates an RSA keypair and writes the privateKey and apiKey to ~/.openclaw/credentials/quack.json (file mode 0600 is set). (2) Verify you trust the service domain (https://quack.us.com) and consider checking its TLS cert and reputation, since the package has no homepage or known owner. (3) If you run the registration, do so from an appropriate account or sandbox (not a production host) because the script will register an identity derived from your machine/hostname by default. (4) Protect the credentials file from other local processes/users and consider rotating/deleting keys if you later stop using the skill. (5) If you need stronger assurance, run the script in an isolated environment (container/VM) or ask the publisher for provenance/hosting info before use.
Review Dimensions
- Purpose & Capability (ok): Name/description (agent messaging, identity, coordination) matches the included instructions and script: registration, keypair generation, signing the declaration, sending messages, reading inbox, and querying challenges/leaderboards on quack.us.com. Nothing requested/installed is unrelated to those capabilities.
- Instruction Scope (note): Instructions direct the agent to generate an RSA keypair, sign a declaration, register with quack.us.com, and save apiKey/privateKey to ~/.openclaw/credentials/quack.json; subsequent commands read that file to set QUACK_KEY and AGENT_ID. This is expected for a networked identity/messaging skill, but it does involve creating and storing private credentials on disk; reviewers should be aware of that scoped side effect.
- Install Mechanism (ok): No install spec or external downloads. The skill is instruction-only with one local Node script that uses built-in Node modules (crypto, https, fs). No third-party packages or remote archives are fetched by the skill itself.
- Credentials (note): The skill requests no environment variables or external credentials, which is consistent. However, it writes and later reads sensitive material (privateKey and apiKey) into ~/.openclaw/credentials/quack.json. This credential storage is necessary for the described operations but increases local credential footprint: other local processes or skills that can read that path could access them if file permissions or system policies are weak.
- Persistence & Privilege (ok): The skill does not request always:true and is user-invocable only. It writes its own credentials file under ~/.openclaw and does not modify other skills or system-wide agent configurations. Autonomous invocation remains allowed (platform default) but is not an extra privilege introduced by this skill.
