Skill v1.0.0

ClawScan security

Yuzhua (驭爪) - Gesture-Controlled OpenClaw Chat · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 6, 2026, 8:27 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's files and instructions are consistent with a local installer/start/stop/health-check helper for a gesture-driven Yuzhua app, but it clones and executes upstream project code with no integrity check (no pinned commit, tag, or signature), so review the remote repository and the generated .env before running it.
Guidance
This skill is coherent for installing and running a local Yuzhua app, but it clones and executes code from a remote GitHub repository without verifying a commit, tag, or signature, so whatever the default branch points to at install time is what runs. Before running:
(1) inspect the repository, in particular its start.sh, to confirm it does what you expect;
(2) avoid placing real secrets in .env unless you trust the upstream code, since the upstream process can read that file;
(3) prefer pointing YUZHUA_REPO_URL at a vetted fork and pinning a specific commit or tag rather than tracking the default branch;
(4) run install/start in a restricted environment (container or VM) if you want to limit the blast radius;
(5) ensure git, curl, and lsof are available, and review the output during install and start.
If you cannot review the upstream repository, treat this skill as higher risk.

Review Dimensions

Purpose & Capability
ok: Name/description match the provided scripts and SKILL.md. The skill only implements install, start, stop, and health-check behaviour for a local Yuzhua project and uses the expected options (YUZHUA_HOME, YUZHUA_REPO_URL, YUZHUA_API_URL, YUZHUA_PORT). No unrelated credentials or services are requested.
Instruction Scope
note: SKILL.md and the scripts stay within the stated scope: install.sh clones/updates the repo and prepares .env, start.sh execs the project's own start.sh, health_check.sh queries a local HTTP status endpoint, and stop.sh kills processes on the configured port. One important caveat: because start.sh execs the upstream project's start.sh, arbitrary code from the cloned repository runs with the user's privileges, and that code is outside the skill's own review surface.
Install Mechanism
note: There is no packaged installer; install.sh clones from a GitHub repo (https://github.com/juguangyuan520-dotcom/Yuzhua.git). Using git+GitHub is common, but the script clones/updates the default branch and then relies on the repo's start.sh without verifying a commit, tag, or signature, so every install or update executes whatever the branch currently points to. That is a risk if the remote repo is malicious, compromised, or force-pushed after review.
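The pinning suggested in the guidance and missing from the install mechanism described above, as an added example that is not the skill's own install.sh: clone (or fetch) the repository, detach onto one exact commit, and refuse to hand control to the upstream start.sh unless HEAD is precisely that commit. YUZHUA_REPO_URL and YUZHUA_HOME are the skill's variables; the pin argument, the clone_pinned function, and the throwaway local repository used as a stand-in for the GitHub upstream are assumptions constructed here so the check runs offline.

```shell
#!/bin/sh
# Added example, not the skill's own install.sh. Assumes git is on PATH.
# A 40-hex commit id is the pin; a branch name or short prefix is rejected
# because either can resolve to a different commit than the one reviewed.
set -u

# clone_pinned URL DIR COMMIT
# Clones URL into DIR (or fetches if DIR already exists), checks out COMMIT
# detached, and returns non-zero unless HEAD is exactly COMMIT.
clone_pinned() {
    url=$1; dir=$2; want=$3
    case "$want" in
        *[!0-9a-f]*|"") echo "pin must be a full lowercase sha1: '$want'" >&2; return 2 ;;
    esac
    [ ${#want} -eq 40 ] || { echo "pin must be 40 hex chars, got ${#want}" >&2; return 2; }

    if [ -d "$dir/.git" ]; then
        git -C "$dir" fetch -q origin || return 1
    else
        git clone -q "$url" "$dir" || return 1
    fi
    # Detached checkout: a branch ref would silently move on the next fetch.
    git -C "$dir" checkout -q --detach "$want" 2>/dev/null || {
        echo "commit $want not present in $url" >&2; return 1; }
    have=$(git -C "$dir" rev-parse HEAD)
    if [ "$have" != "$want" ]; then
        echo "HEAD is $have, expected $want; refusing to exec upstream start.sh" >&2
        return 1
    fi
    return 0
}

# make_demo_upstream DIR
# Builds a throwaway local repository standing in for the GitHub upstream
# (constructed data) and prints its single commit id.
make_demo_upstream() {
    d=$1
    git init -q "$d" &&
    printf '#!/bin/sh\necho upstream start\n' > "$d/start.sh" &&
    git -C "$d" add start.sh &&
    git -C "$d" -c user.name=demo -c user.email=demo@example.com commit -q -m init &&
    git -C "$d" rev-parse HEAD
}

# Stand-alone demo: a correct pin is accepted, a wrong pin is refused.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
YUZHUA_REPO_URL=$tmp/upstream
YUZHUA_HOME=$tmp/yuzhua
YUZHUA_PIN=$(make_demo_upstream "$YUZHUA_REPO_URL")   # hypothetical pin variable

if clone_pinned "$YUZHUA_REPO_URL" "$YUZHUA_HOME" "$YUZHUA_PIN"; then
    echo "pinned checkout ok: $YUZHUA_PIN (safe to review, then exec $YUZHUA_HOME/start.sh)"
fi
if ! clone_pinned "$YUZHUA_REPO_URL" "$YUZHUA_HOME" 0000000000000000000000000000000000000000; then
    echo "mismatched pin refused; upstream start.sh was not executed"
fi
```

Only after clone_pinned returns 0 should a wrapper exec the upstream start.sh; the pin itself should be recorded alongside the review that approved it, and updating the pin is the moment to re-read the diff.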
Credentials
ok: The skill declares no required credentials and only uses optional environment variables for paths, repo URL, API URL, and port. The scripts create a local .env from .env.example when present; this is reasonable for local configuration. There is no built-in exfiltration of .env in the skill itself, but the upstream project's code (run by start.sh) could read or transmit any secrets placed in .env.
Persistence & Privilege
ok: The skill does not request elevated platform privileges, does not set always:true, and does not modify other skills or global agent configs. It performs actions only under the configured YUZHUA_HOME path.