Skill v0.1.0

ClawScan security

Soul Pack · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 14, 2026, 6:17 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini

Summary: The skill's files and runtime instructions match its stated purpose (exporting/importing local SOUL packages); the main inconsistency is that the skill metadata does not declare the required local binaries (python3, openclaw CLI) that the scripts invoke.

Guidance: The skill appears to do what it says. Before installing/using:
1) Confirm you have python3 and the openclaw CLI installed (the metadata currently doesn't list these, but the scripts call them).
2) Review any soul package contents before importing (do not include API keys, tokens, or arbitrary executables inside a package).
3) Importing copies SOUL.md/preview/manifest into the target workspace and, unless overridden with --force, will refuse to overwrite an existing SOUL.md — use caution with --force.
4) 'openclaw agents add' may contact a remote service and use your existing OpenClaw credentials/config; ensure you trust that service and run imports in a test workspace first.
If you want stronger assurance, ask the author to update the skill metadata to declare the required binaries and to clarify the network behavior of the openclaw CLI.

Review Dimensions

Purpose & Capability
Note: The skill name/description describe exporting, importing, and listing SOUL packages, and the included scripts implement exactly that. However, the registry metadata claims no required binaries while the scripts and README require python3 and the openclaw CLI; that mismatch should be fixed (the binaries are reasonable for the stated purpose).

Instruction Scope
OK: SKILL.md gives explicit shell invocation examples, and the bundled scripts operate only on local filesystem artifacts (SOUL.md, preview.md, manifest.json) and call the local openclaw CLI. The instructions do not attempt to read unrelated files or environment variables, nor do they transmit extracted package contents to unexpected external endpoints. Examples use user-specific absolute paths, but that is only illustrative.

Install Mechanism
OK: This is an instruction-only skill with bundled scripts and no install spec or remote downloads. Nothing in the manifest writes code to disk from an external URL; risk from the install mechanism is low.

Credentials
Note: The skill declares no required environment variables or credentials, which aligns with local-only operation. Note: the scripts invoke the openclaw CLI, which may itself use stored credentials/config in the user's environment to register agents or contact a remote service — this is expected for adding agents but is not declared in the metadata. No environment variables are read by the scripts directly.

Persistence & Privilege
OK: The skill does not request permanent inclusion (always:false). The only persistent effect is that import-soul.sh may copy files into a workspace and call 'openclaw agents add' to register an agent — expected behavior for importing a package. The skill does not modify other skills or system-wide agent settings beyond creating/adding its own agent entry via the CLI.