Skill v0.0.2

ClawScan security

请先说你好.skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 11, 2026, 5:48 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, runtime instructions, and file I/O align with a local companion/check‑in skill; it reads/writes local workspace and session files and does not request credentials or make external network calls in the provided files.
Guidance
This skill appears coherent and implements local companion logic plus optional integration with a host (OpenClaw Heartbeat). Before installing or enabling proactive delivery: 1) review the skill's state and roles paths (state/session.yaml, roles/) and where HEARTBEAT.md will be written (resolved from OPENCLAW_HOME / OPENCLAW_WORKSPACE or openclaw.json) so you are comfortable with files being created/updated; 2) inspect scripts (companion_runtime.py, heartbeat_bridge.py, sync_heartbeat_md.py) if you want to confirm there are no unexpected network calls or side effects in your environment; 3) keep proactive outreach disabled until you wire in Heartbeat/Cron in a host that controls outbound delivery and targets; 4) note the repo listing included what looks like a truncated line in companion_runtime.py (a probable syntax/typo artifact in the provided snippet); verify the actual file in the source you install. If you want, I can point out exact files/lines to inspect or summarize network/file I/O occurrences found in each script.
Findings
[base64-block] expected: The README contains base64-embedded SVG data (badges). The prompt-injection detector flagged a base64 block, but this appears to be innocuous image data in docs rather than an attempt to exfiltrate secrets.

Review Dimensions

Purpose & Capability
ok
Name/description (companion / proactive greetings) match the included scripts and references: intent parsing, rolecard generation/validation, a proactive eligibility engine, and heartbeat integration. Files and runtime behavior (reading/writing session/role YAML, generating HEARTBEAT.md) are proportionate to the stated purpose.
Instruction Scope
note
SKILL.md and the scripts instruct the agent to read and write local files (state/session.yaml, roles/, HEARTBEAT.md in the resolved workspace) and to run local scripts (companion_runtime.py, proactive_scheduler.py, heartbeat_bridge.py). These actions are expected for a companion + host-integrated proactive system, but the skill will persist state and write to a workspace path resolved from environment variables or openclaw.json—review those paths before enabling proactive delivery.
Install Mechanism
ok
Instruction-only / repository of Python helper scripts; no install spec or remote downloads included. This is the lowest-risk install posture.
Credentials
note
The skill does not request secrets or credentials. Scripts optionally read environment variables (OPENCLAW_HOME, OPENCLAW_WORKSPACE, OPENCLAW_AGENT_ID, OPENCLAW_WORKSPACE_NAME) and openclaw.json to resolve workspace paths; these are reasonable for host integration but were not listed under required env vars—this is optional/expected but worth noting.
Persistence & Privilege
ok
The skill persists its own runtime state under its skill root (state/session.yaml, roles/) and can write a HEARTBEAT.md into a resolved workspace. It does not declare always:true and does not modify other skills or system-wide settings in the provided code. File writes are user/workspace-scoped.