Skill v1.5.2

ClawScan security

Safety Checks · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Feb 24, 2026, 8:18 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's claims (local runtime safety checks) match the files and instructions provided; it is internally coherent and does not request unrelated credentials or install steps in its manifest.
Guidance
This skill is instruction-only and appears coherent with its goal of local safety checks. Before installing or running it: (1) review .openclaw/safety-checks.yaml and .claude/safety-checks.yaml contents so the skill audits the right config, (2) back up any workspace or cache you care about because flags like --clear and --clear-state will modify/delete local files, (3) if you plan to install the recommended auxiliary skills (constraint-engine, context-verifier, failure-memory), inspect those packages separately (they are not bundled here), and (4) confirm your agent runtime exposes only non-sensitive session metadata because the skill reads the runtime's model-version metadata rather than calling external APIs. If you want higher assurance, ask for the exact file-level commands the skill will run (or a code implementation) before enabling destructive flags.

Review Dimensions

Purpose & Capability
ok
Name/description (model pinning, fallback, cache, session hygiene) align with the declared requirements: no env vars, only two config paths, and local workspace output. The skill only requires reading local config/metadata and writing to output/safety/, which is proportionate to the stated purpose.
Instruction Scope
note
SKILL.md confines operations to local checks (reading .openclaw/.claude configs, workspace files, lock files, and agent session metadata) and supports clearing stale entries. This is within scope, but the commands that clear state (--clear, --clear-state) imply file deletion/modification — users should be aware these options will modify or remove local files. Also, the skill reads 'agent session metadata' (model strings exposed by the runtime); ensure your runtime exposes only intended data.
Install Mechanism
note
Instruction-only skill (no install spec, no code files) — lowest risk for supply-chain install. The README recommends installing auxiliary skills (constraint-engine, context-verifier, failure-memory) via openclaw install, but there is no automated install spec in the manifest. Verify any recommended dependency packages (the leegitw/* skills) before installing them.
Credentials
ok
No environment variables or credentials requested. The only declared required config paths (.openclaw/safety-checks.yaml and .claude/safety-checks.yaml) are directly relevant to its functionality.
Persistence & Privilege
ok
always is false and the skill is user-invocable; it does not request persistent system-level privileges or attempt to modify other skills' configs. It writes results to a declared workspace path (output/safety/), which is consistent with its purpose.