Skill v1.0.0

ClawScan security

OpenClaw AntSeed · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Feb 26, 2026, 3:44 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's actions (installing an AntSeed CLI, adding a buyer plugin, and configuring OpenClaw) match its stated purpose, but it requires installing npm packages and may create a persistent systemd service and join an open P2P network—so review packages and configs before use.
Guidance
This skill is internally consistent with its purpose, but you should verify before installing:
1) Inspect the @antseed/cli and @antseed/router-local-proxy packages (npm/GitHub) to ensure you trust their source and behaviour. npm packages execute code during install.
2) Back up ~/.openclaw/openclaw.json (the script will overwrite it) and inspect ~/.antseed/config.json if you add bootstrap nodes.
3) Running the buyer proxy joins a public P2P network—model requests and prompt data may be relayed to unknown providers or upstream APIs; avoid sending sensitive data.
4) If you don't want persistence, do not use the --service option or enable the systemd unit.
5) Prefer testing inside an isolated environment (container or VM) and validate antseed --version and the plugin behavior manually before making it your default model provider.

Review Dimensions

Purpose & Capability
ok
The name/description (connect OpenClaw to AntSeed) matches the actual actions: install @antseed/cli, add the local proxy plugin, run a local buyer proxy, and update OpenClaw's config. Declared required binaries (npm, openclaw) are sensible and sufficient for the stated task.
Instruction Scope
note
Runtime instructions and the included script only touch AntSeed and OpenClaw-related files (~/.antseed/config.json and ~/.openclaw/openclaw.json), install the AntSeed CLI/plugin, and optionally install a systemd service. These are within scope, but the skill directs the agent/machine to join a public P2P network (DHT) and to add arbitrary bootstrap nodes—actions that expose network traffic and model requests to third parties and should be considered a material behavior beyond a simple local integration.
Install Mechanism
note
There is no packaged install spec in the registry; the script performs a global npm install of @antseed/cli and invokes antseed plugin add. This is expected for the task but means remote code from the npm package (and any plugins it downloads) will run on the host—moderate risk if the packages or their dependencies are untrusted.
Credentials
ok
The skill requests no additional environment variables or unrelated credentials. It does read/write the user's AntSeed and OpenClaw config files (expected for configuration) and suggests using sudo for systemd service installation — these accesses are proportional to setting up a persistent local proxy but do modify user/system config.
Persistence & Privilege
note
always:false (normal). The skill optionally installs a systemd service which grants persistence (auto-start and continuous network presence). Installing a persistent service that joins a P2P network increases blast radius and should be a conscious decision by the user; the skill does not request elevated privileges beyond the sudo needed to create a systemd unit.