Skill v1.0.2
ClawScan security
Genome Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 20, 2026, 7:57 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to implement local genome storage and mutation as described, but there are several inconsistencies between the documentation and the code (and missing checks around sensitive data) that warrant caution before installing or sharing genomes.
- Guidance: This tool is essentially a small local JSON CRUD utility for 'genomes' and is not obviously malicious, but there are a few things to check before use:
  - Expect the script to create and write files to ~/.openclaw/genomes; inspect that directory and the JSON files after any run.
  - SKILL.md promises some features the code doesn't provide (a Genome class, EvoAgentX integration, 'crossover' mutation). Don't rely on those until they are implemented; the README/examples and code are inconsistent.
  - The documentation states 'no credentials in prompts' but the validate command does not scan for secrets. Manually review any genome 'prompts' or fields for API keys, tokens, or PII before sharing externally (EvoMap sharing is described as 'future' and not implemented). Consider adding a secrets-scan step before sharing.
  - Because this skill writes to your home directory, run it as a non-privileged user and inspect the source code locally (you already have it) before invoking it from an agent that may run autonomously.
  - If you plan to integrate with other agent frameworks, verify the programmatic API expectations against the actual code (the code exposes functions, not a Genome class as the docs show).

  If you want me to, I can:
  - produce a short patch to implement a basic credentials-in-prompts check in validate_genome,
  - or run a checklist of test commands to exercise the script safely in a sandboxed environment.
Review Dimensions
- Purpose & Capability (note): Overall purpose (manage/create/mutate genomes) matches the shipped script: the Python tool creates, lists, reads, mutates, and validates JSON genomes in ~/.openclaw/genomes. However, the SKILL.md and examples claim additional capabilities that the code does not provide (e.g., a Genome class, direct integration with EvoAgentX/Workflow.from_genome, and the 'crossover' mutation type), and the registry metadata disagrees with SKILL.md's declared required binary (SKILL.md lists python3 in metadata, while the registry 'Required binaries' field is empty). These mismatches are functional inconsistencies (not immediate evidence of malicious intent) but reduce trust.
- Instruction Scope (note): Instructions and CLI usage in SKILL.md largely reflect the script's commands (create, list, get, mutate, validate). But SKILL.md claims validation rules like 'No credentials in prompts' and 'Genomes never contain API keys', while the implemented validate_genome function does not check prompts or scan stored genome contents for credentials; it performs only basic numeric checks. SKILL.md also references future/distributed sharing (EvoMap) and programmatic APIs that are not implemented. The script only reads/writes local JSON files under ~/.openclaw/genomes and does not perform network I/O.
- Install Mechanism (ok): This is an instruction-only skill with a small Python script included; there is no install spec, no downloads, and no third-party package install. Nothing will be written to disk by an installer beyond the included files; however, the script itself will create and write JSON files into ~/.openclaw/genomes when run.
- Credentials (ok): The skill declares no required environment variables or credentials, and the code does not read env vars or require API keys. This is proportional to the stated local storage purpose. Note: SKILL.md asserts genomes won't contain credentials, but that is not enforced by code, so stored genomes could accidentally include secrets if the user or an agent writes them.
- Persistence & Privilege (ok): The skill is not forced-always; it is user-invocable and can be called by the agent (normal). The only persistence is that the script creates files under the user's home directory (~/.openclaw/genomes). It does not modify other skills or system-wide configuration.
