Skill v2.4.0
ClawScan security
Execution Loop · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 8, 2026, 7:49 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, scripts, and runtime instructions are coherent with its stated purpose (controlling an agent's execution loop) and request no unusual credentials or external installs.
- Guidance: This skill appears to do what it advertises: local stop-hook logic and session state management to keep an agent working or verify completion. Before installing, review the scripts (they're included) to ensure you're comfortable with files being created/updated under ~/.openclaw/shared-context/sessions. Note two practical caveats: 1) re-anchor reminders require the original task to be written into reanchor.json by whatever component starts the session (the drift script only increments the counter and will not inject reminders unless original_task is set), and 2) the context-usage (>=95%) safety valve is documented but not implementable from these hook scripts and thus is intentionally omitted. If you plan to use agent-type hooks that run tools (prompt/agent modes mentioned in docs), confirm your runtime will constrain those tool-access permissions appropriately. Otherwise, no suspicious network calls, credentials, or remote installs were found.
Review Dimensions
- Purpose & Capability (ok): The name/description (execution loop, Ralph, doubt gate, drift re-anchor, task checklist) matches the included scripts and docs. All required functionality is implemented locally via shell hooks that read/write session state under ~/.openclaw/shared-context/sessions; no unrelated credentials, network endpoints, or package installs are requested.
- Instruction Scope (note): Most SKILL.md instructions map to the provided scripts and reference files (.harness-tasks.json, ralph.json, reanchor.json). Minor mismatches: the docs mention a 'context >=95%' safety valve but the ralph-stop-hook explicitly notes this is not implemented (transcript lacks needed data). references/drift-reanchor.md and the design text say the original prompt should be saved into sessions/<id>/reanchor.json, but the included drift-reanchor.sh initializes original_task as empty on first call — another component must populate the anchor for reminders to fire. These are implementation/coordination gaps, not signs of misdirection.
- Install Mechanism (ok): No install spec or remote downloads; all scripts and tests are included in the package. This reduces supply-chain risk (no external URLs or registry installs).
- Credentials (ok): The skill requires no environment secrets or external credentials. Scripts operate on files under the user's HOME (~/.openclaw/shared-context/sessions) and in working directories (.harness-tasks.json). That file-system access is proportionate to the stated purpose (stateful stop hooks and checklists).
- Persistence & Privilege (note): The skill creates and updates files under the user's HOME (~/.openclaw/shared-context/sessions) to maintain cross-turn state (ralph.json, cancel.json, reanchor.json, guard files). This is expected for persistent-execution hooks but does require write access to the user's home; always:false and no cross-skill config modification are present.
