Skill v1.2.0
ClawScan security
Kim Msg Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 6, 2026, 8:36 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill generally does what it says (send Kim messages), but its metadata under-declares the credentials and config paths it uses, and it will read local secret files (including an OpenClaw-wide secrets file), which is surprising and disproportionate behavior.
- Guidance: Before installing, be aware of three things:
  1. Metadata mismatch — the registry entry lists no required env vars or config paths, but the scripts require KIM_WEBHOOK_TOKEN or KIM_APP_KEY/KIM_SECRET_KEY and will search ~/.openclaw/.secrets, ~/.kim_credentials, and ./kim_credentials. Expect the skill to read those files.
  2. Least-privilege recommendation — prefer exporting the specific KIM_* environment variables rather than keeping a broad ~/.openclaw/.secrets file that may contain unrelated credentials. If you must use files, set strict permissions (chmod 600) and verify that the file contents include only what you intend to expose.
  3. Code review and provenance — the code contacts only the Kim endpoints documented in SKILL.md, but the package lacks a homepage and the source is listed as unknown; SKILL.md and README reference a GitHub repo. Inspect that upstream repository (and its commit history), verify checksums, and run the scripts in a safe environment (or with a test account) if you have sensitive secrets in ~/.openclaw/.secrets. If you cannot inspect the files, or prefer not to risk exposing shared secrets, reject or sandbox the skill and supply credentials via dedicated environment variables instead.
Review Dimensions
- Purpose & Capability (concern): Name/description, README, SKILL.md and scripts all describe sending Kim messages via webhook or appKey/secret, which matches the code. However, the skill metadata declares no required env vars or config paths even though the scripts require KIM_WEBHOOK_TOKEN or KIM_APP_KEY/KIM_SECRET_KEY and will look in ~/.openclaw/.secrets, ~/.kim_credentials, and ./kim_credentials. The omission in metadata is an incoherence that hides what the skill actually needs to access.
- Instruction Scope (concern): The runtime instructions and shipped scripts explicitly read environment variables and fall back to reading local credential files in the user's home and current directory. They only contact the Kim endpoints described in SKILL.md and do not call unexpected external endpoints, but the fallback behavior reads a potentially broad 'Unified secrets' file (~/.openclaw/.secrets) which may contain unrelated secrets. The SKILL.md claims the script will not expose file paths, but it does read those files locally — this scope expansion should be called out to users.
- Install Mechanism (ok): No install script or remote downloads are present — the skill ships small local scripts and a Node script only. No installers or external archives are fetched, so installation risk is low.
- Credentials (concern): The credentials the code needs (KIM_WEBHOOK_TOKEN, KIM_APP_KEY, KIM_SECRET_KEY) are proportionate to the stated purpose. But the skill metadata does not declare these env vars or the config file paths. More importantly, the fallback will open ~/.openclaw/.secrets, which is described as 'OpenClaw unified key management' and could contain many unrelated secrets — reading that file for a single-service key is broader access than a user might expect.
- Persistence & Privilege (ok): The skill does not request permanent/always-on inclusion, does not modify other skills or system-wide config, and does not persist credentials beyond using environment variables or local files. It runs only when invoked.
