Skill v1.0.3

ClawScan security

Local Claw Skill Nest Client · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 18, 2026, 12:12 PM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary
The skill implements a local/private Claw Skill Nest client and its code, env vars, and filesystem actions are consistent with that purpose; nothing in the package indicates covert or unrelated behavior.
Guidance
This skill appears to do what it says: manage a local/private Claw Skill Nest. Before installing, consider:
(1) Set SKILLHUB_URL and SKILLHUB_API_KEY to your local/private endpoint and avoid using any API key that is used for other services; the script has a default URL and API key which you should override in real use.
(2) The script writes into ~/.openclaw/workspace/skills and uses temporary directories; ensure you are comfortable with skill archives being saved there.
(3) Uploading a local .skill/.zip will transmit its contents to the configured SKILLHUB_URL; do not upload files containing secrets you don't intend to share.
(4) The script may spawn 'unzip' or PowerShell Expand-Archive to extract archives; ensure those system commands are trustworthy on your host.
(5) If you want maximum assurance, review the included TypeScript file yourself or run it in an isolated environment (e.g., a container) before granting access to production data or production API keys.

Review Dimensions

Purpose & Capability
Status: ok
Name, description, SKILL.md and the included script all implement a local/private Claw Skill Nest client (list/upload/install/update). The declared SKILL.md environment variables (SKILLHUB_URL, SKILLHUB_API_KEY), download/upload endpoints, and install path (~/.openclaw/workspace/skills) align with this purpose.
Instruction Scope
Status: ok
Runtime instructions and the script are scoped to managing skills: calling the local service API, downloading/uploading skill archives, extracting or saving them, and writing into the skills directory. The script only reads the specified local file for upload and temp files during download, and writes only into the skills directory; it does not attempt to read unrelated system files or other credentials.
Install Mechanism
Status: ok
There is no install spec (instruction-only with a single TypeScript script). No remote install or archive download is performed by the platform at install time; the script itself performs network actions at runtime, which is expected for this client. This is low-risk and proportionate.
Credentials
Status: note
The SKILL.md documents SKILLHUB_URL and SKILLHUB_API_KEY, which are appropriate for this client. However, registry metadata listed no required env vars, while the SKILL.md and script do use those env vars (with defaults). The script also provides a hardcoded default URL and API key ('http://localhost:17890' and 'claw-skill-nest-secret-key'), which is convenient for local use but should be noted before deploying in environments where API keys are sensitive.
Persistence & Privilege
Status: ok
'always' is false and the skill does not request elevated or global agent privileges. It writes skill files into ~/.openclaw/workspace/skills (consistent with its purpose) and may invoke unzip/PowerShell to extract archives, which is expected for installing skill packages.