Skill v1.0.0
ClawScan security
Response Speed Test · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 5, 2026, 7:13 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The code and CLI match the stated purpose (measuring OpenClaw response timings), but the skill reads environment variables and local files/paths that are not declared in the manifest or SKILL.md — an inconsistency you should review before installing.
- Guidance
- This skill appears to implement the described timing/benchmark functionality, but review before installing:
  - It reads environment variables (OPENCLAW_GATEWAY_URL, LLM_API_URL, LLM_MODEL, SOUL_MEMORY_PATH, OPENCLAW_STATE_DIR) even though the registry declares none; set them intentionally or leave the defaults.
  - It inspects local paths (defaulting to /root/.openclaw/...), including listing .md files and reading index.json. If those directories contain sensitive data, run the skill in a restricted/sandboxed environment or point SOUL_MEMORY_PATH/OPENCLAW_STATE_DIR to a safe location.
  - There are no network calls in the current code, but the LLM/Gateway probes are written to be extended to call APIs; verify any modification that adds network I/O.
  - Prefer installing from a trusted source (the pyproject references a GitHub repo); check the repository URL and author before running 'clawhub install' or running the code locally.
  - If you want, I can list the exact lines that read environment variables and file paths so you can audit them.
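The guidance above ends with an offer to list the lines that read environment variables and file paths. The block below is an added example of doing that audit yourself before installing; it is not ClawHub's scanner and not the skill's own code. It parses Python with the standard `ast` module, records every `os.environ[...]`, `os.environ.get(...)` and `os.getenv(...)` read plus `open`/`glob`/`listdir`-style file access with line numbers, and diffs the env var names against whatever the manifest declares. Because the skill's source is not on this page, the block runs over a constructed sample that mirrors what the scan reports (the five env vars named above, the /root/.openclaw defaults, a .md listing and an index.json read); the sample's `probe_memory` function is an assumption, and `audit_package` is there to run the same check over a real checkout.

```python
"""Static audit for undeclared environment-variable and file reads in a skill.

Added example for this review page; it is not ClawHub's scanner and not the
skill's own code. Requires Python 3.9+ (ast.unparse, plain Subscript slices).
"""
import ast
import sys
import textwrap
from pathlib import Path

# Method names that touch the filesystem when called on a path-like object.
FILE_METHODS = {"open", "glob", "rglob", "iterdir", "read_text", "read_bytes",
                "listdir", "scandir", "walk"}


class AccessAuditor(ast.NodeVisitor):
    """Record (line, name) for env var reads and (line, call) for file reads."""

    def __init__(self):
        self.env_reads = []
        self.file_reads = []

    @staticmethod
    def _str(node):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            return node.value
        return None

    def visit_Subscript(self, node):
        # os.environ["NAME"]; a non-literal key is reported as <dynamic>
        if isinstance(node.value, ast.Attribute) and node.value.attr == "environ":
            self.env_reads.append((node.lineno, self._str(node.slice) or "<dynamic>"))
        self.generic_visit(node)

    def visit_Call(self, node):
        func = node.func
        if isinstance(func, ast.Attribute):
            is_environ_get = (func.attr == "get"
                              and isinstance(func.value, ast.Attribute)
                              and func.value.attr == "environ")
            if func.attr == "getenv" or is_environ_get:
                # os.getenv("NAME", default) / os.environ.get("NAME", default)
                first = self._str(node.args[0]) if node.args else None
                self.env_reads.append((node.lineno, first or "<dynamic>"))
            elif func.attr in FILE_METHODS:
                self.file_reads.append((node.lineno, ast.unparse(node)))
        elif isinstance(func, ast.Name) and func.id == "open":
            self.file_reads.append((node.lineno, ast.unparse(node)))
        self.generic_visit(node)


def audit_source(source):
    """Return (env_reads, file_reads) for one module's source text."""
    auditor = AccessAuditor()
    auditor.visit(ast.parse(source))
    return auditor.env_reads, auditor.file_reads


def undeclared_env_vars(source, declared):
    """Env var names the code reads that the manifest does not declare."""
    env_reads, _ = audit_source(source)
    names = {name for _, name in env_reads if name != "<dynamic>"}
    return sorted(names - set(declared))


def audit_package(root, declared):
    """Walk a package directory and print every finding as file:line."""
    for path in sorted(Path(root).rglob("*.py")):
        env_reads, file_reads = audit_source(path.read_text())
        for line, name in env_reads:
            flag = "" if name in declared else "  [UNDECLARED]"
            print(f"{path}:{line}: env {name}{flag}")
        for line, call in file_reads:
            print(f"{path}:{line}: file {call}")


# Constructed sample that mirrors what the scan reports; not the skill's code.
# The probe_memory name is an assumption; the two path defaults are from the scan.
SAMPLE = textwrap.dedent('''
    import os
    from pathlib import Path

    GATEWAY = os.environ.get("OPENCLAW_GATEWAY_URL")
    LLM_URL = os.getenv("LLM_API_URL")
    MODEL = os.getenv("LLM_MODEL")
    MEMORY = Path(os.environ.get("SOUL_MEMORY_PATH", "/root/.openclaw/workspace/memory"))
    STATE = Path(os.getenv("OPENCLAW_STATE_DIR", "/root/.openclaw/state"))

    def probe_memory():
        notes = list(MEMORY.glob("*.md"))
        with open(STATE / "index.json") as fh:
            return len(notes), fh.read()
''')

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # usage: audit.py <skill-dir> [DECLARED_VAR ...]
        audit_package(sys.argv[1], declared=set(sys.argv[2:]))
    else:
        print("undeclared:", undeclared_env_vars(SAMPLE, declared=[]))
        for line, call in audit_source(SAMPLE)[1]:
            print(f"sample:{line}: file {call}")
```

Run it against the unpacked skill directory with the manifest's declared env var names as extra arguments; for this skill the registry declares none, so every read it prints is flagged. A `<dynamic>` entry means the variable name is computed at runtime and needs a manual look. Dynamic access through `getattr`, `subprocess` or `importlib` is outside what this visitor sees, so treat an empty report as "nothing obvious", not as a clean bill.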
Review Dimensions
- Purpose & Capability
- ok
- Name, description, CLI, core measurement engine, probes and reporters are coherent: the files implement timing probes for Gateway, Session, Memory and LLM and generate reports as described.
- Instruction Scope
- note
- SKILL.md instructs how to run the CLI but does not explicitly mention that the probes read environment variables and local filesystem paths. The code accesses the memory and state directories (e.g. SOUL_MEMORY_PATH, default /root/.openclaw/workspace/memory, and OPENCLAW_STATE_DIR, default /root/.openclaw/state) and may read index.json; SKILL.md does not document these file reads.
- Install Mechanism
- note
- No install spec is declared (lower risk), but a pyproject.toml and packaging metadata are present and SKILL.md suggests using 'clawhub install'. There are no external downloads or installer URLs; install risk is low, but the mismatch between the packaging and the registry metadata is worth noting.
- Credentials
- concern
- The registry lists no required env vars, yet the code reads several environment variables at runtime (OPENCLAW_GATEWAY_URL, LLM_API_URL, LLM_MODEL, SOUL_MEMORY_PATH, OPENCLAW_STATE_DIR). These are relevant to the skill's function, but the manifest, README and SKILL.md do not declare them: a transparency gap. The skill also reads local files (memory .md files and index.json) that can contain sensitive data; the current code does not transmit anything externally, but the prompts and report metadata it builds could include snippets of those files.
- Persistence & Privilege
- ok
- The skill does not request always:true, does not attempt to modify other skills or system-wide agent settings, and has no autonomous elevated persistence. It only provides CLI and library code.
