Skillv3.1.2

ClawScan security

kkclaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 12, 2026, 10:27 PM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill is an instruction-only desktop/UI enhancement for OpenClaw and the requested pieces align with that purpose; nothing in the SKILL.md instructs the agent to access unrelated secrets or system paths, but installing and running third‑party code (npm, GitHub releases) carries normal supply‑chain risks you should review.
Guidance: This skill is an instruction-only integration that points to a GitHub project and recommends running npm or installing released binaries. That is coherent with its purpose, but before running: (1) review the GitHub repository code and its npm package.json / dependency tree for suspicious or high‑risk packages; (2) prefer building from source if you want to avoid opaque release installers; (3) be cautious with any TTS/voice‑cloning features — they may require provider API keys you should store securely and only grant to trusted services; (4) check what native permissions the released installers request on your OS (startup/auto‑run, microphone, network access); and (5) keep backups of OpenClaw/Gateway configs before letting a third‑party tool alter them. If you want a deeper assessment, provide the GitHub repository contents or release binaries for review.

Review Dimensions

Purpose & Capability: okName/description promise (desktop UI, TTS, model/provider management, Gateway diagnostics) matches the instructions and references to a GitHub project and releases. There are no unrelated credentials, binaries, or config paths requested that would contradict the stated purpose.
Instruction Scope: okSKILL.md and reference files are README/setup-style instructions (git clone, npm install, npm start, links to releases). They do not instruct the agent to read arbitrary system files, exfiltrate data, or access environment variables beyond normal developer/runtime usage. The guidance is scoped to installing and running the kkclaw app and preparing OpenClaw/TTS/Gateway.
Install Mechanism: noteNo install spec in the skill bundle (instruction-only), which is lowest platform risk. The README recommends cloning a GitHub repo and using npm and/or downloading GitHub release installers — these are typical but carry standard supply-chain risk (npm dependencies, third‑party binaries). Links point to GitHub (well-known host), not obscure hosts.
Credentials: okThe skill declares no required env vars/credentials. The README mentions TTS/configs/API key encryption as runtime features of the application, which is consistent; it does not request credentials from the agent itself. No disproportionate or unrelated secrets are requested.
Persistence & Privilege: okalways is false and the skill is user-invocable. As an instruction-only skill it does not request persistent agent privileges or modify other skills. Normal autonomous invocation is allowed by platform defaults but not combined here with other red flags.