Skill v1.0.0-openclaw.1

ClawScan security

Last30Days Community Intelligence for OpenClaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 6, 2026, 7:13 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill does what it says (multi-source 30-day research), but it reads sensitive local data (browser cookies), expects many API keys and writes persistent files while the skill metadata doesn't declare those secrets—review before installing.
Guidance
This repository implements the advertised multi-source research engine, but before installing or running it you should:

- Review the scripts yourself (especially scripts/lib/vendor/bird-search and scripts/setup_openclaw_env.sh) to confirm you accept cookie access and file-write behavior.
- Be aware the Bird client can read browser cookies on macOS (it may prompt for Keychain access); if you don't want that, avoid using the Bird path and provide service API keys instead, or run with mocking (--mock).
- Expect to supply sensitive API keys (ScrapeCreators, OpenAI, xAI, Brave/Parallel/OpenRouter) if you want native scraping/search; store them securely (the code expects a .env-like secrets file) and set file permissions (chmod 600).
- Note the skill writes persistent data (SQLite DB, briefs, logs) into ~/.openclaw/workspace (and upstream docs mention saving to ~/Documents/Last30Days/) — if you don't want persistent archives, run with --no-store or inspect/modify scripts to change save locations.
- Because the skill metadata does not enumerate its environment/credential needs, do not rely solely on registry metadata — the code itself expects many env vars.

If you want to reduce risk, run the skill in a sandbox/container or test with --mock to avoid network/cookie access. If these behaviors (cookie reading, multiple API keys, persistent storage) are acceptable for your threat model and you reviewed the code, the skill is coherent with its purpose. If not, do not install or run it until you either remove the vendored cookie path or run it in an isolated environment.

Review Dimensions

Purpose & Capability
ok — The code and docs match the name/description: connectors for Reddit, X, YouTube, TikTok, Instagram, Hacker News, Polymarket and web search are present and used by the Python engine. The vendored Bird client for X (twitter/x) is included, which fits the stated X support.
Instruction Scope
concern — Runtime instructions and the shipped scripts instruct the agent/operator to run Python/Node scripts that will perform network scraping and persist results locally. The vendored Bird client reads browser cookies on macOS (explicitly documented). The code also creates and reads a secrets file (~/.openclaw/workspace/.secrets/last30days.env), writes DB and briefing files under ~/.openclaw/workspace/data, and the upstream README mentions auto-saving to ~/Documents/Last30Days/. These I/O and cookie-access actions involve sensitive local data and persistent storage beyond ephemeral runtime output.
Install Mechanism
ok — No remote install spec or download URLs are present (instruction-only packaging + included source). The vendored bird-search client is included in the repository. Node 22+ is required for the vendored bird client, but there is no remote fetch of arbitrary code at install time.
Credentials
concern — The project uses multiple sensitive environment variables (SCRAPECREATORS_API_KEY, OPENAI_API_KEY, XAI_API_KEY, AUTH_TOKEN/CT0 fallback for X, PARALLEL_API_KEY/BRAVE_API_KEY/OPENROUTER_API_KEY, etc.) which are reasonable for the declared data sources, but the skill metadata declares no required env vars or primary credential. The omission of declared required secrets in the skill metadata is an inconsistency and an information gap the user should notice. Additionally, the documented ability to read browser cookies (and prompt for Keychain access on macOS) is sensitive and should be considered before running.
Persistence & Privilege
note — The skill writes local SQLite DBs, briefings, logs, and a secrets file under the user's OpenClaw workspace (persistent storage). always:false (no forced always-on). The upstream docs mention an optional auto-save to ~/Documents/Last30Days/ (persistent user documents) — that behavior is potentially surprising and should be confirmed before use. The skill does not request system-wide privileges or modify other skills in the repository.