Skill v1.0.0

ClawScan security

AGENT SPM SKILL · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review · Mar 16, 2026, 9:31 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The instructions broadly match the stated purpose (generate a secp256k1 keypair and install/configure an OpenClaw plugin), but there are several gaps and risky choices you should review before proceeding (missing metadata about the config path, an npm plugin of unknown provenance, and steps that enable the gateway-wide plugin system and grant persistent plugin execution).
Guidance
The guide does what it says (creates a secp256k1 key, installs an npm plugin, edits openclaw.json), but you should not proceed blindly. Before installing: (1) verify the npm package (@chrguard/ai-guardian-plugin) — check its publisher, version, README, and source repository; prefer an official homepage or signed release. (2) Inspect the plugin code (or install in an isolated/test environment) before enabling it in your production gateway. (3) Understand that enabling plugins and adding the plugin to 'allow' grants it persistent execution; consider testing in a sandboxed instance first. (4) Protect the generated private key: generate it on a machine you control, ensure file permissions are correct, consider hardware-backed key storage if available, and keep backups and rotation plans. (5) Note the registry metadata omits the config path but the instructions use ~/.config/ai-guardian/guard-client-key — this mismatch is why you should confirm intent and provenance. If you can't verify the npm package or review the plugin code, avoid granting it gateway-wide permissions.

Review Dimensions

Purpose & Capability
Note: The skill's name/description (install & configure Agentic SPM plugin with a secp256k1 keypair) aligns with the runtime steps: it generates a local keypair, installs an OpenClaw plugin, and edits openclaw.json. However, the registry metadata declared no required config paths or secrets, yet the instructions write and later reference a private key at ~/.config/ai-guardian/guard-client-key (a minor metadata inconsistency). The instructions also assume the presence of Node.js and the OpenClaw CLI, which is reasonable for this workflow.
Instruction Scope
Concern: SKILL.md tells the user to generate a private key file in the user's home directory (~/.config/ai-guardian/guard-client-key), install a plugin from npm, and modify the global gateway configuration to enable plugins, add the plugin to the allow list, and add a load path. Writing a private key and modifying the global openclaw.json (which 'unlocks the entire plugin system') are high-impact actions. The instructions do not ask for unrelated files or environment variables, but they do require persistent modification of gateway config and placement of a secret on disk — both are within the stated purpose but have elevated security implications that are not called out or mitigated (no integrity checks, no verification of plugin source).
Install Mechanism
Note: There is no install spec in the registry, but SKILL.md instructs the user to run 'openclaw plugins install @chrguard/ai-guardian-plugin', which will pull a package from npm. Using npm is common, but the skill provides no package homepage, version, or publisher information. Because the plugin code will be downloaded and run by the gateway, you should verify the package (publisher, version, and source) before installing; the instruction to install from npm is expected but not risk-free.
Credentials
Concern: The skill declares no required env vars or config paths in registry metadata, yet its instructions create and reference a sensitive private key file under ~/.config/ai-guardian/guard-client-key and instruct adding that path to plugin config. Requesting no environment variables is consistent, but the omission of the config path in metadata is an inconsistency. Storing a private key on disk is necessary for the described use, but it's sensitive: the plugin will be able to read/use that key once installed. There is no guidance for key backup, rotation, or verification of who/what will use the key.
Persistence & Privilege
Concern: The skill does not set always:true, but it instructs you to enable the OpenClaw plugin system, add the plugin to allow list, add its load path, and restart the gateway — actions that grant a third-party plugin persistent, autonomous execution inside your gateway. That is consistent with installing a plugin, but it increases blast radius: a malicious or vulnerable plugin could act continuously. The instructions do not include any safeguards (e.g., sandboxing, least-privilege settings, or verifying plugin behavior).