Skill v0.1.8

ClawScan security

Leak Check · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 22, 2026, 5:18 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code and instructions are consistent with its stated purpose (local-only scan of session JSONL files for credential patterns), and it does not request extra credentials, installs, or system privileges beyond needing node to run.
Guidance
This skill appears to do exactly what it claims: scan local OpenClaw session JSONL files for credential fragments you configure. Before installing or running:

1. Review the leak-check.json you create to ensure it contains only non-sensitive fragments (the SKILL.md warns not to store full credentials).
2. Be aware the script will read all files under ~/.openclaw/agents/main/sessions (these files often contain sensitive content) — that is necessary for the scan but means the process will access any secrets present.
3. If you want extra assurance, run the provided grep the SKILL.md suggests to confirm there are no network/child_process calls in the installed copy.
4. Keep this skill run locally and do not put full credentials in the config.

If you want, I can re-check the full (untruncated) script text or search it for specific APIs/strings before you run it.

Review Dimensions

Purpose & Capability
Status: ok
Name/description (scan session logs for leaked credentials) align with what the skill does: it reads OpenClaw session JSONL files and checks them against patterns from a local leak-check.json. Required binary (node) is appropriate and there are no unrelated environment variables or external service credentials requested.
Instruction Scope
Status: ok
SKILL.md and the script restrict actions to reading session files and a local config file (~/.openclaw/credentials/leak-check.json or ./leak-check.json). The instructions explicitly describe behavior (including config-echo detection and how to remove session files). The script recurses the sessions directory and reads files, which is expected for its purpose; it does not instruct collecting or transmitting data elsewhere.
Install Mechanism
Status: ok
No install spec is provided (instruction-only with an included script). Requiring node is normal and no external downloads, package installs, or archive extraction are present.
Credentials
Status: ok
The skill requires no environment variables or external credentials. Its configuration comes from a local JSON file that the user supplies (and is explicitly advised to store only partial fragments). This is proportionate to the functionality.
Persistence & Privilege
Status: ok
The skill is not always-enabled and uses normal, explicit invocation. It does not attempt to modify other skills or system-wide settings; it reads files under the user's OpenClaw directories only.