OpenClaw技能分类与统计 (OpenClaw Skill Classification and Statistics)
Audited by ClawScan on May 11, 2026.
Overview
The skill mostly matches its stated purpose, but its HTML export can render unescaped data from other skills, which could let a malicious skill name or description execute script in the browser when the report is opened.
Review before installing if you plan to generate HTML reports from untrusted or newly installed skills. JSON or Markdown output is safer until the HTML exporter escapes skill metadata. Expect the tool to read installed OpenClaw skill metadata, run the local OpenClaw CLI, and create local cache files.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If any installed skill has a malicious name or description, opening the generated HTML report could run script or injected HTML in the user's browser.
Skill names and descriptions collected from installed skills are inserted into generated HTML using `innerHTML` without HTML/JavaScript-context escaping.
Evidence:
skills_data.append({'name': skill['name'], ... 'description': translate_description(...)})
row.innerHTML = `... ${skill.name} ... ${skill.description || '-'}`;
Recommendation: Render skill fields with `textContent` or DOM text nodes instead of `innerHTML`, sanitize/escape all metadata, and escape `</script>` when embedding JSON inside script tags.
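As an added example (not code from the skill or from ClawScan), this is the hardened shape of the export that the recommendation describes, assuming the exporter writes a static HTML file with an embedded JSON data block: the metadata JSON has `<`, `>` and `&` escaped so a value containing `</script>` cannot close the script element, and the client-side rows are built with `textContent` instead of `innerHTML`. The skill records are constructed sample data.

```python
import html
import json

# Constructed sample records (not real installed skills); the second one
# carries the kind of hostile metadata the finding describes.
SKILLS = [
    {"name": "weather", "description": "Shows the local forecast"},
    {"name": "evil</script><script>alert(1)</script>",
     "description": "<img src=x onerror=alert(2)>"},
]

def embed_json(data):
    """Serialize data for a <script type="application/json"> block.
    json.dumps alone is unsafe: a value containing </script> closes the
    element early and the remainder is parsed as HTML. Escaping <, > and &
    as \\uXXXX keeps valid JSON while making the text inert inside HTML."""
    return (json.dumps(data, ensure_ascii=False)
            .replace("<", "\\u003c")
            .replace(">", "\\u003e")
            .replace("&", "\\u0026"))

def roundtrip(data):
    """Self-check: the escaped text must still parse back to the same data."""
    return json.loads(embed_json(data)) == data

# Client-side rendering: values go through textContent, so markup inside a
# skill name or description is displayed literally instead of being parsed.
CLIENT_JS = """
const skills = JSON.parse(document.getElementById('skills-json').textContent);
const table = document.getElementById('skills');
for (const s of skills) {
  const row = document.createElement('tr');
  for (const value of [s.name, s.description || '-']) {
    const cell = document.createElement('td');
    cell.textContent = value;   // never innerHTML for untrusted metadata
    row.appendChild(cell);
  }
  table.appendChild(row);
}
"""

def build_report(title, skills):
    """Assemble the report; the title is HTML-escaped like any other text."""
    return ("<!doctype html><html><body><h1>" + html.escape(title) + "</h1>"
            '<table id="skills"></table>'
            '<script id="skills-json" type="application/json">'
            + embed_json(skills) + "</script>"
            "<script>" + CLIENT_JS + "</script></body></html>")
```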
Using the skill will run the local OpenClaw command-line tool; a compromised local PATH or shell environment could affect what gets executed.
The skill runs a local shell command to obtain the OpenClaw skill list. The command is fixed and central to the stated purpose, but it still executes local CLI code.
Evidence:
subprocess.run('openclaw skills list --json', capture_output=True, text=True, encoding='utf-8', timeout=60, shell=True)
Recommendation: Prefer `subprocess.run(['openclaw', 'skills', 'list', '--json'], shell=False)` and document that the skill invokes the local OpenClaw CLI.
Local information about installed skills and classifications may remain on disk and influence later reports.
The skill persists cache, snapshots, and classification-learning data across runs.
Evidence: "The first run automatically creates the cache directory `~/.openclaw/cache/skill_list/` ... classification-learning data is saved automatically and used to classify new skills later"
Recommendation: Document the cache contents and provide a clear cleanup option; users should avoid putting secrets in skill names or descriptions.
