Skill v1.0.0

ClawScan security

OpenClaw Doctor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 23, 2026, 3:38 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only health-check for OpenClaw that is internally consistent with its stated purpose and does not request unexpected credentials or installs.
Guidance
This skill is an instruction-only health checker and appears coherent for that role. Before installing or allowing autonomous runs:
1) confirm you trust the agent to read local config files (openclaw.json) because they may contain API keys or secrets;
2) run the checks manually first (run 'openclaw status' and inspect openclaw.json) to see what data is exposed;
3) ensure the environment has the expected 'openclaw' CLI and Node.js and that outgoing network access for model/API checks is acceptable;
4) note that SKILL.md asks the agent to mask secrets but that masking is not enforced—avoid granting the skill access to secrets you would not want inspected.
If you need stronger guarantees, restrict it to manual invocation and run it in a test environment first.

Review Dimensions

Purpose & Capability
ok
Name/description match the runtime instructions: the skill is a diagnostic that reads OpenClaw config and workspace files and runs the OpenClaw CLI to report status. Required binary (node) is reasonable for an OpenClaw tool. It mentions verifying API keys and model connectivity but does not require external credentials — this is consistent if keys are stored in local config files (openclaw.json).
Instruction Scope
note
SKILL.md instructs the agent to read openclaw.json, workspace files (MEMORY.md, TOOLS.md, daily notes) and run 'openclaw status' and 'openclaw cron list' — all within the scope of a health check. However, these instructions imply reading configuration files that may contain sensitive API keys; the document asks the agent to redact keys but does not define how to validate API keys or where network checks should be performed. The instructions are otherwise narrowly scoped and do not request unrelated system data.
Install Mechanism
ok
No install spec and no code files — lowest-risk instruction-only skill. It relies on existing CLI/binaries (node and the 'openclaw' CLI), which is expected for this purpose.
Credentials
note
The skill declares no required environment variables or credentials, which is proportionate for a read-only diagnostic. That said, verifying API keys/model connectivity will likely require access to secrets stored in local config files (openclaw.json) or performing outgoing network requests; those are plausible needs but are not explicitly documented as required credentials.
Persistence & Privilege
ok
The skill does not request persistent or elevated platform privileges (always:false). It is user-invocable and allows autonomous invocation by default, which is normal for skills; there is no evidence it would modify other skills or system-wide settings.