Skill v1.0.1

ClawScan security

agent-wake · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 2, 2026, 2:06 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code and instructions match its stated purpose (waking an agent via the gateway) but the registry metadata omits the clearly required gateway credential and there are small mismatches in how the token is located—this inconsistency should be resolved before use.
Guidance
The included Python script appears to do exactly what the description says: post a wake event to the local OpenClaw gateway using a gateway auth token. However, the registry metadata incorrectly lists no required credentials while the SKILL.md and script require a GATEWAY_TOKEN (or read OPENCLAW_GATEWAY_TOKEN from ~/.openclaw/gateway.cmd). Before installing or running this: 1) confirm where you should store the gateway token and that the registry metadata is updated; 2) ensure the gateway URL is a trusted, local endpoint (default is http://localhost:18789) and that enabling the cron tool over HTTP is acceptable for your environment; 3) protect the gateway token (do not commit a .env with the token into version control); and 4) if you plan to run this from external or networked environments, consider network-level protections so the gateway cannot be invoked by untrusted actors. If you want to proceed, update the skill/metadata to explicitly declare GATEWAY_TOKEN as a required credential so its needs are clear.

Review Dimensions

Purpose & Capability
concern: The SKILL.md and the included script require a gateway auth token (GATEWAY_TOKEN or OPENCLAW_GATEWAY_TOKEN read from ~/.openclaw/gateway.cmd), but the registry metadata lists no required environment variables or credentials. That mismatch is incoherent: a wake tool legitimately needs the gateway token, and the metadata should declare it. Other than that, the requested actions (POST to /tools/invoke on the gateway) align with the stated purpose.
Instruction Scope
ok: The runtime instructions and script are narrowly scoped: they load a local .env (script directory only), optionally read gateway.cmd from ~/.openclaw, and POST a wake event to the local gateway /tools/invoke endpoint. The README instructs enabling the cron tool over HTTP and setting the gateway token. The skill does not instruct reading unrelated system files or transmitting data to third-party endpoints.
Install Mechanism
ok: No install spec; this is an instruction-only skill with a small Python script. Nothing is downloaded or written to disk by an installer. Risk from installation is low.
Credentials
concern: The functionality reasonably requires a gateway auth token, and the SKILL.md declares GATEWAY_TOKEN as required, but the registry metadata omitted it. The script also reads OPENCLAW_GATEWAY_TOKEN from gateway.cmd—this is relevant to the purpose but the lack of declared credentials in the registry is a red flag for packaging/metadata correctness and could lead to accidental misconfiguration or unintended exposure.
Persistence & Privilege
ok: The skill does not request permanent presence, does not set always:true, and does not modify other skills or system-wide settings. It merely invokes the gateway API when executed.